Windows Analysis Report
Installer eSPT Masa PPh versi 2.0#U007e26022009.exe

Overview

General Information

Sample name: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
(renamed because original name is a hash value)
Original sample name: Installer eSPT Masa PPh versi 2.0~26022009.exe
Analysis ID: 1581812
MD5: 0be92f00cc946557bbf1dec87b708224
SHA1: 26dfe06acdb876d3b14535eefd8ede889c1822d4
SHA256: b13e900d876cc76cd8cb649f56ae984ddb488c97e5b383bc34524e3fec0b7daf
Tags: exe, user-MAM
Infos:

Detection

BlackMoon
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected BlackMoon Ransomware
Connects to many ports of the same IP (likely port scanning)
Contains functionality to detect sleep reduction / modifications
Drops executables to the windows directory (C:\Windows) and starts them
Query firmware table information (likely to detect VMs)
Sample is not signed and drops a device driver
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Creates processes with suspicious names
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Installs a global mouse hook
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • Installer eSPT Masa PPh versi 2.0#U007e26022009.exe (PID: 5324 cmdline: "C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe" MD5: 0BE92F00CC946557BBF1DEC87B708224)
    • Installer eSPT Masa PPh versi 2.0#U007e26022009.exe (PID: 2688 cmdline: "C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe" /i "C:\Program Files (x86)\WindowsInstallerFB\7AF5081\DAN_127.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\BtDDIFUEHLCR" SECONDSEQUENCE="1" CLIENTPROCESSID="5324" AI_MORE_CMD_LINE=1 MD5: 0BE92F00CC946557BBF1DEC87B708224)
  • msiexec.exe (PID: 7072 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6780 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 1D35FE1868B50914AC73C4C1E92E866C C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 5568 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D34C0DB36F96DC933127EB55CBA7C9C2 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSI7DAF.tmp (PID: 7544 cmdline: "C:\Windows\Installer\MSI7DAF.tmp" MD5: BE4ED0D3AA0B2573927A046620106B13)
      • e8a0d5af432b7e64DBD.exe (PID: 7580 cmdline: "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TLGCBXAGVFLQ.KBI" -o"C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1" -pJHKQFETWJKTIHLLBOKO -aos -y MD5: FAE7D0A530279838C8A5731B086A081B)
        • conhost.exe (PID: 7588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • e8a0d5af432b7e64DBD.exe (PID: 7692 cmdline: "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\SUGIPFIMNRQE.TMA" -o"C:\Program Files (x86)\BtDDIFUEHLCR" -pMNHWOTMLOHTPVRFXPCH -aos -y MD5: FAE7D0A530279838C8A5731B086A081B)
        • conhost.exe (PID: 7700 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • e8a0d5af432b7e64DBD.exe (PID: 7784 cmdline: "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TMGJRLDUDWLQ.FCU" -o"C:\Users\user\AppData\Roaming" -pPXOEWCVFPIJPLHQSQSX -aos -y MD5: FAE7D0A530279838C8A5731B086A081B)
        • conhost.exe (PID: 7792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Bor32-update-flase.exe (PID: 7872 cmdline: "C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe" MD5: 938C33C54819D6CE8D731B68D9C37E38)
  • Bor32-update-flase.exe (PID: 7916 cmdline: "C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe" MD5: 938C33C54819D6CE8D731B68D9C37E38)
    • Haloonoroff.exe (PID: 7952 cmdline: "C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe" MD5: 0D318144BD23BA1A72CC06FE19CB3F0C)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll | Mimikatz_Gen_Strings | Detects Mimikatz by using some special strings | Florian Roth
  • 0x6b86c:$s5: Ask debug privilege
C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll | Mimikatz_Strings | Detects Mimikatz strings | Florian Roth
  • 0x6bf04:$x6: Lists LM & NTLM credentials
C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll | Mimikatz_Gen_Strings | Detects Mimikatz by using some special strings | Florian Roth
  • 0x6b86c:$s5: Ask debug privilege
C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll | Mimikatz_Strings | Detects Mimikatz strings | Florian Roth
  • 0x6bf04:$x6: Lists LM & NTLM credentials
C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\rtl120.bpl | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security

Source | Rule | Description | Author | Strings
00000009.00000003.2021130019.0000000002EE6000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
0000000F.00000000.2077543981.0000000000401000.00000020.00000001.01000000.00000010.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security
Process Memory Space: e8a0d5af432b7e64DBD.exe PID: 7580 | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
Process Memory Space: Bor32-update-flase.exe PID: 7916 | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security

Source | Rule | Description | Author | Strings
18.2.Bor32-update-flase.exe.310950e.5.raw.unpack | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security
18.2.Bor32-update-flase.exe.310950e.5.raw.unpack | MALWARE_Win_BlackMoon | Detects executables using BlackMoon RunTime | ditekSHen
  • 0x45ba:$s1: blackmoon
  • 0x45fa:$s2: BlackMoon RunTime Error:
15.0.Bor32-update-flase.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security
18.2.Bor32-update-flase.exe.310950e.5.unpack | JoeSecurity_blackmoon | Yara detected BlackMoon Ransomware | Joe Security
18.2.Bor32-update-flase.exe.310950e.5.unpack | MALWARE_Win_BlackMoon | Detects executables using BlackMoon RunTime | ditekSHen
  • 0x45ba:$s1: blackmoon
  • 0x45fa:$s2: BlackMoon RunTime Error:

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-29T02:00:59.160911+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 154.82.113.139 | 63701 | TCP
2024-12-29T02:01:59.365782+0100 | 2052875 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 154.82.113.139 | 63701 | TCP

Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe | File opened: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Microsoft.VC90.CRT\msvcr90.dll
Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: G:\CLIENT\fhbemb\src\bin\Release\fhjyy.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmp, MSI7DAF.tmp, 00000008.00000000.1998413401.000000000023E000.00000002.00000001.01000000.0000000C.sdmp, MSI7DAF.tmp, 00000008.00000002.2068600823.000000000023E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: C:\test\intelligentDemo\PackageMgr\Release\PackageMgr.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\kwlogsvr.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMOfficeScanX64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\KwLib.pdbp source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000047FB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000044D2000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: h:\ch1\src\sandbox\wow_helper\wow_helper.pdbp source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-22583795\bora\build\build\vmware-autostart\release\win32\vmware-autostart.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: G:\CLIENT\fhbemb\src\bin\Release_NL\fhbmini.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, Haloonoroff.exe, 00000013.00000000.2112966039.0000000000B9E000.00000002.00000001.01000000.00000019.sdmp
                    Source: Binary string: C:\vmagent_new\bin\joblist\368203\out\Release\HipsLog.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMRtpDLL.pdbWW'GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: G:\CLIENT\WallPaper_feihuo\windows\FFWallpaper\bin\Release\bfcipc.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: \WallPaper\windows\FFWallpaper\bin\Release\FFWallpaper.pdb source: Bor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.dr
                    Source: Binary string: D:\a\_work\1\s\obj\VS\Microsoft.VisualStudio.Web.Host\Release\Microsoft.VisualStudio.Web.Host.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\LIBRARIES\basichttp\win32\release\basichttp.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: z:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: x:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: v:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: t:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: r:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: p:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: n:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: l:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: j:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: h:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: f:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: b:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: y:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: w:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: u:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: s:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: q:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: o:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: m:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: k:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: i:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: g:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: e:
                    Source: C:\Windows\Installer\MSI7DAF.tmpFile opened: c:
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile opened: a:
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile opened: [:
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D40640 FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_00D40640
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00C20880 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,0_2_00C20880
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D1B1B0 FindFirstFileW,GetLastError,FindClose,0_2_00D1B1B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D4A4B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_00D4A4B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D4A8B0 FindFirstFileW,FindClose,0_2_00D4A8B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D1A850 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_00D1A850
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D28F30 FindFirstFileW,FindClose,FindClose,0_2_00D28F30
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00CFFE80 FindFirstFileW,FindNextFileW,FindClose,0_2_00CFFE80
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C61D070 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,0_2_6C61D070
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C627870 FindFirstFileW,FindClose,GetLastError,FindClose,0_2_6C627870
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00D1B1B0 FindFirstFileW,GetLastError,FindClose,3_2_00D1B1B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00D1ABE0 FindFirstFileW,3_2_00D1ABE0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006A8BA4 __EH_prolog3_GS,FindFirstFileA,FindFirstFileW,FindFirstFileW,9_2_006A8BA4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_0070D9C1 FindFirstFileExW,9_2_0070D9C1
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_0070D996 FindFirstFileExA,9_2_0070D996
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_0093657C GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,18_2_0093657C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00938E6A FindFirstFileA,FindClose,18_2_00938E6A
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00938E6C FindFirstFileA,FindClose,18_2_00938E6C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B32298 FindFirstFileA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,18_2_00B32298
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6A696 FindFirstFileA,FindClose,18_2_00A6A696
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6A698 FindFirstFileA,FindClose,18_2_00A6A698
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6A7A8 FindFirstFileA,FindClose,18_2_00A6A7A8
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AB27D0 FindFirstFileA,FindClose,FileTimeToDosDateTime,18_2_00AB27D0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6AAB4 FindFirstFileA,GetLastError,18_2_00A6AAB4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A66B80 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,18_2_00A66B80
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B2EDA0 FindFirstFileA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,18_2_00B2EDA0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D49310 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,0_2_00D49310

                    Networking

                    Source: Network traffic Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:49738 -> 154.82.113.139:63701
                    Source: global traffic TCP traffic: 154.82.113.139 ports 63701,0,1,3,6,7
                    Source: global traffic TCP traffic: 192.168.2.4:49738 -> 154.82.113.139:63701
                    Source: Joe Sandbox View ASN Name: ROOTNETWORKSUS ROOTNETWORKSUS
                    Source: unknown TCP traffic detected without corresponding DNS query: 154.82.113.139
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: "https://www.facebook.com/iobitsoft equals www.facebook.com (Facebook)
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000000.1660597971.0000000000E39000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: FlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.partGET "filenameattachment=123POSTcharsetDLDISO-8859-1US-ASCIIutf-8utf-16FTP Server*/*AdvancedInstallerLocal Network ServerIf-Modified-Since: %s equals www.yahoo.com (Yahoo)
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: TFlashWindowExFlashWindowGetPackagePathKernel32.dllhttp://www.google.comTESTtin9999.tmphttp://www.yahoo.comhttp://www.example.com.partGET "filenameattachment=123POSTcharsetDLDISO-8859-1US-ASCIIutf-8utf-16FTP Server*/*AdvancedInstallerLocal Network ServerIf-Modified-Since: %s equals www.yahoo.com (Yahoo)
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: http://www.yahoo.com equals www.yahoo.com (Yahoo)
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004378000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: ftp://http://HTTP/1.0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/active.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/moreuse.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/multi_app/app_db3promote.php?action=insert
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/other/db_driverinstall.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/other/db_extlink_download.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/other/db_temp_download.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/other/insert.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ascstats.iobit.com/usage.php
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000002.2086612668.0000000005870000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAs
                    Source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2130186591.0000000000A44000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, MemDefrag.dll.9.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2130186591.0000000000A44000.00000002.00000001.01000000.0000001D.sdmp, MemDefrag.dll.9.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, MemDefrag.dll.9.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000042C0000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2130186591.0000000000A44000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000042C0000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2130186591.0000000000A44000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000042C0000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2130186591.0000000000A44000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, MemDefrag.dll.9.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, MemDefrag.dll.9.drString found in binary or memory: http://ocsp.digicert.com0N
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2130186591.0000000000A44000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, MemDefrag.dll.9.drString found in binary or memory: http://ocsp.digicert.com0X
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drString found in binary or memory: http://ocsp.sectigo.com0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000046D4000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004378000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp2.globalsign.com/rootr606
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/pca3-g5.crl0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s.symcb.com/universal-root.crl0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com06
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s.symcd.com0_
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingg2.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crl0a
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sf.symcd.com0&
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stats.iobit.com/active_day.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stats.iobit.com/active_month.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stats.iobit.com/register.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://stats.iotransfer.net/active.php
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sw.symcb.com/sw.crl0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sw.symcd.com0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://sw1.symcb.com/sw.crt0
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: http://t2.symcb.com0
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: http://tl.symcb.com/tl.crl0
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: http://tl.symcb.com/tl.crt0
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: http://tl.symcd.com0&
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000046D4000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004378000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000046D4000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004378000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000046D4000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004378000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://update.iobit.com/infofiles/db2/Freeware-db.upt
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://update.iobit.com/infofiles/db2/db2_free.upt
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://update.iobit.com/infofiles/db2/db2_oth.upt
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://update.iobit.com/infofiles/db2/db2_pro.upt
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://update.iobit.com/infofiles/db3/embhtml/update.upt
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://updatestats.cd4o.com/api.php?act=update
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.360.cn
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.bsplayer.com
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.cd4o.com/drivers/
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.cd4o.com/drivers/wlst/v.json
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042962146.0000000003BC5000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000005051000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000042C0000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2130186591.0000000000A44000.00000002.00000001.01000000.0000001D.sdmp, MemDefrag.dll.9.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeString found in binary or memory: http://www.google.com
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/language-subtag-registry
                    Source: Bor32-update-flase.exe, 00000012.00000002.2130974363.0000000000BBD000.00000020.00000001.01000000.0000001F.sdmpString found in binary or memory: http://www.indyproject.org/
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042962146.0000000003BC5000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=activateweb
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=activateweb-%d
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=bannerbuy
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=compare
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=dbproduct
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=download
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=expired
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=faq
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=feature
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=feedback
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=filerupt
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=forum
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=gaexpired
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=help
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=helptranslate
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.iobit.com/appgoto.php?to=htmlfailed
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe Code function: 18_2_00AD0F5C OpenClipboard,GlobalAlloc,GlobalLock,EmptyClipboard,SetClipboardData,GlobalUnlock,18_2_00AD0F5C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe Code function: 18_2_00ABC328 GetClipboardData,CopyEnhMetaFileA,GetEnhMetaFileHeader,18_2_00ABC328
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00CFA2A0 SendMessageW,GetParent,GetParent,GetWindowRect,GetParent,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,MapWindowPoints,FillRect,DeleteDC,SendMessageW,SendMessageW,SendMessageW,0_2_00CFA2A0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe Code function: 18_2_00AF7AD4 GetMessagePos,GetKeyboardState,18_2_00AF7AD4
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dll
                    Source: Bor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevices memstr_29bc8dec-4
                    Source: Yara match File source: Process Memory Space: e8a0d5af432b7e64DBD.exe PID: 7580, type: MEMORYSTR

                    Spam, unwanted Advertisements and Ransom Demands

                    Source: Yara match File source: 18.2.Bor32-update-flase.exe.310950e.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 18.2.Bor32-update-flase.exe.310950e.5.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: Bor32-update-flase.exe PID: 7916, type: MEMORYSTR
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe Code function: 18_2_00B2F1A0 OpenDesktopA,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateDesktopA,18_2_00B2F1A0

                    System Summary

                    Source: 18.2.Bor32-update-flase.exe.310950e.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
                    Source: 18.2.Bor32-update-flase.exe.310950e.5.unpack, type: UNPACKEDPE Matched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll, type: DROPPED Matched rule: Detects Mimikatz by using some special strings Author: Florian Roth
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll, type: DROPPED Matched rule: Detects Mimikatz strings Author: Florian Roth
                    Source: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll, type: DROPPED Matched rule: Detects Mimikatz by using some special strings Author: Florian Roth
                    Source: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll, type: DROPPED Matched rule: Detects Mimikatz strings Author: Florian Roth
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe Process Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00D5F0D0 NtdllDefWindowProc_W,0_2_00D5F0D0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00CD7A10 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W,0_2_00CD7A10
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C22390 KillTimer,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DeleteCriticalSection,0_2_00C22390
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00CBC330 NtdllDefWindowProc_W,0_2_00CBC330
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C144A0 GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,NtdllDefWindowProc_W,0_2_00C144A0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C1E540 NtdllDefWindowProc_W,0_2_00C1E540
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C1E6B0 IsWindow,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_00C1E6B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C14BC0 SysFreeString,SysAllocString,GetWindowLongW,GetWindowLongW,GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,GetWindowLongW,SetWindowTextW,GlobalAlloc,GlobalLock,GlobalUnlock,SetWindowLongW,SysFreeString,NtdllDefWindowProc_W,SysFreeString,0_2_00C14BC0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C710D0 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,0_2_00C710D0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C17190 GetWindowLongW,SetWindowLongW,NtdllDefWindowProc_W,DestroyWindow,0_2_00C17190
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C15220 NtdllDefWindowProc_W,0_2_00C15220
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C358F0 NtdllDefWindowProc_W,0_2_00C358F0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C178B0 NtdllDefWindowProc_W,0_2_00C178B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C27AC0 NtdllDefWindowProc_W,0_2_00C27AC0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C17E70 NtdllDefWindowProc_W,0_2_00C17E70
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00CD7A10 GetSystemDirectoryW,LoadLibraryExW,NtdllDefWindowProc_W,3_2_00CD7A10
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C710D0 NtdllDefWindowProc_W,3_2_00C710D0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C17190 NtdllDefWindowProc_W,3_2_00C17190
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C15220 NtdllDefWindowProc_W,3_2_00C15220
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C22390 NtdllDefWindowProc_W,DeleteCriticalSection,3_2_00C22390
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00CBC330 NtdllDefWindowProc_W,3_2_00CBC330
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C144A0 NtdllDefWindowProc_W,GlobalAlloc,GlobalLock,GlobalUnlock,NtdllDefWindowProc_W,3_2_00C144A0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C1E540 NtdllDefWindowProc_W,3_2_00C1E540
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C1E6B0 NtdllDefWindowProc_W,3_2_00C1E6B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C358F0 NtdllDefWindowProc_W,3_2_00C358F0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C178B0 NtdllDefWindowProc_W,3_2_00C178B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C27AC0 NtdllDefWindowProc_W,3_2_00C27AC0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00C17E70 NtdllDefWindowProc_W,3_2_00C17E70
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_009769D8 inet_addr,ntohl,lstrcmpiA,18_2_009769D8
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00976A24 ntohl,inet_ntoa,18_2_00976A24
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B2CA0C inet_addr,ntohl,lstrcmpiA,18_2_00B2CA0C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B2CA58 ntohl,inet_ntoa,18_2_00B2CA58
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006AA063: __EH_prolog3,GetFileInformationByHandle,DeviceIoControl,9_2_006AA063
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile created: C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGXlong.sys
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\5a2ae2.msi
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2C69.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2CC8.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2D07.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2D66.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2D96.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI516B.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI519B.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{AF084EDE-DB6F-45F9-8AB2-9750C7AF5081}
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI52B5.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI788D.tmp
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7DAF.tmp
                    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\windows\Installer\libjyy.dll
                    Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI2C69.tmp
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeProcess token adjusted: Security
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: invalid certificate
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: Resource name: RT_VERSION type: PDP-11 overlaid pure executable not stripped
                    Source: fixsc.dll.0.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: fixsc64.dll.0.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: libcurrant.dll.0.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: libzdtp.dll.0.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: libzdtp64.dll.0.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: fixsc.dll.1.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: fixsc64.dll.1.drStatic PE information: Resource name: RT_VERSION type: 370 sysV pure executable not stripped
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeBinary or memory string: OriginalFilename vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallerAnalytics.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefhbjyy.exeP vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameembeddeduiproxy.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005246000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1676650198.0000000003A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameembeddeduiproxy.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1676650198.0000000003A80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallerAnalytics.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1707035647.0000000005014000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1663913366.0000000000722000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDecoder.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePrereq.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelzmaextractor.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAICustAct.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilenameInstallerAnalytics.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1784669552.000000000421B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameembeddeduiproxy.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1784669552.000000000421B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallerAnalytics.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1781109686.000000000131F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameembeddeduiproxy.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1781109686.000000000131F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameInstallerAnalytics.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1784899160.0000000003881000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewininet.dllD vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeBinary or memory string: OriginalFilenameDecoder.dllF vs Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                    Source: 18.2.Bor32-update-flase.exe.310950e.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: 18.2.Bor32-update-flase.exe.310950e.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll, type: DROPPEDMatched rule: Mimikatz_Gen_Strings date = 2017-06-19, hash3 = f35b589c1cc1c98c4c4a5123fd217bdf0d987c00d2561992cbfb94bd75920159, hash2 = eefd4c038afa0e80cf6521c69644e286df08c0883f94245902383f50feac0f85, author = Florian Roth, description = Detects Mimikatz by using some special strings, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 058cc8b3e4e4055f3be460332a62eb4cbef41e3a7832aceb8119fd99fea771c4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll, type: DROPPEDMatched rule: Mimikatz_Strings date = 2016-06-08, author = Florian Roth, description = Detects Mimikatz strings, score = , reference = not set, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll, type: DROPPEDMatched rule: Mimikatz_Gen_Strings date = 2017-06-19, hash3 = f35b589c1cc1c98c4c4a5123fd217bdf0d987c00d2561992cbfb94bd75920159, hash2 = eefd4c038afa0e80cf6521c69644e286df08c0883f94245902383f50feac0f85, author = Florian Roth, description = Detects Mimikatz by using some special strings, reference = Internal Research, license = https://creativecommons.org/licenses/by-nc/4.0/, super_rule = 058cc8b3e4e4055f3be460332a62eb4cbef41e3a7832aceb8119fd99fea771c4
                    Source: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll, type: DROPPEDMatched rule: Mimikatz_Strings date = 2016-06-08, author = Florian Roth, description = Detects Mimikatz strings, score = , reference = not set, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\dbs\el\ddvsm\out\Intermediate\vscommon\perfwatson2.csproj_FB008427_ret\objr\amd64\PerfWatson2.pdb
                    Source: classification engineClassification label: mal84.rans.troj.spyw.evad.winEXE@23/435@0/1
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Code function: 0_2_00D1E5B0 FormatMessageW,GetLastError,0_2_00D1E5B0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe | Code function: 9_2_006B828A GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,9_2_006B828A
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe | Code function: 9_2_006AB687 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,FreeLibrary,9_2_006AB687
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Code function: 0_2_00D4B860 GetDiskFreeSpaceExW,0_2_00D4B860
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Code function: 0_2_00D63E80 CoCreateInstance,0_2_00D63E80
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Code function: 0_2_00C09160 LoadResource,LockResource,SizeofResource,0_2_00C09160
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | File created: C:\Program Files (x86)\WindowsInstallerFB
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | File created: C:\Users\user\AppData\Local\AdvinstAnalytics
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7700:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7792:120:WilError_03
                    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7588:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe | Mutant created: \Sessions\1\BaseNamedObjects\??
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe | Mutant created: \Sessions\1\BaseNamedObjects\NIpizDg64rfvhLyrCQMywaHQBENjzMv1R6uEoR8NfcvFEqARIU
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | File created: C:\Users\user\AppData\Local\Temp\INA8055.tmp
                    Source: Yara match | File source: 15.0.Bor32-update-flase.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000009.00000003.2021130019.0000000002EE6000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 0000000F.00000000.2077543981.0000000000401000.00000020.00000001.01000000.00000010.sdmp, type: MEMORY
                    Source: Yara match | File source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\rtl120.bpl, type: DROPPED
                    Source: Yara match | File source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe, type: DROPPED
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | File read: C:\Program Files (x86)\desktop.ini
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | String found in binary or memory: https://installeranalytics.com
                    Source: Bor32-update-flase.exe | String found in binary or memory: ISO_6937-2-add
                    Source: Bor32-update-flase.exe | String found in binary or memory: JIS_C6229-1984-b-add
                    Source: Bor32-update-flase.exe | String found in binary or memory: jp-ocr-b-add
                    Source: Bor32-update-flase.exe | String found in binary or memory: JIS_C6229-1984-hand-add
                    Source: Bor32-update-flase.exe | String found in binary or memory: jp-ocr-hand-add
                    Source: Bor32-update-flase.exe | String found in binary or memory: NATS-DANO-ADD
                    Source: Bor32-update-flase.exe | String found in binary or memory: NATS-SEFI-ADD
                    Source: Bor32-update-flase.exe | String found in binary or memory: addon-installstart
                    Source: Bor32-update-flase.exe | String found in binary or memory: addon-installover
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | File read: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: unknown | Process created: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe "C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe"
                    Source: unknown | Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1D35FE1868B50914AC73C4C1E92E866C C
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | Process created: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe "C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe" /i "C:\Program Files (x86)\WindowsInstallerFB\7AF5081\DAN_127.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\BtDDIFUEHLCR" SECONDSEQUENCE="1" CLIENTPROCESSID="5324" AI_MORE_CMD_LINE=1
                    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D34C0DB36F96DC933127EB55CBA7C9C2
                    Source: C:\Windows\System32\msiexec.exe | Process created: C:\Windows\Installer\MSI7DAF.tmp "C:\Windows\Installer\MSI7DAF.tmp"
                    Source: C:\Windows\Installer\MSI7DAF.tmp | Process created: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TLGCBXAGVFLQ.KBI" -o"C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1" -pJHKQFETWJKTIHLLBOKO -aos -y
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\Installer\MSI7DAF.tmp | Process created: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\SUGIPFIMNRQE.TMA" -o"C:\Program Files (x86)\BtDDIFUEHLCR" -pMNHWOTMLOHTPVRFXPCH -aos -y
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\Installer\MSI7DAF.tmp | Process created: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TMGJRLDUDWLQ.FCU" -o"C:\Users\user\AppData\Roaming" -pPXOEWCVFPIJPLHQSQSX -aos -y
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknown | Process created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe "C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe"
                    Source: unknown | Process created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe "C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe"
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe | Process created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe "C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe"
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: msi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: usp10.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: msls31.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: davhlpr.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: msimg32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: dbghelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: cabinet.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: lpk.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: msihnd.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: riched20.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: atlthunk.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: textinputframework.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: coreuicomponents.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: coremessaging.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: explorerframe.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: tsappcmp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: cryptnet.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: pcacli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: napinsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pnrpnsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wshbth.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: nlaapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winrnr.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netprofm.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: npmproxy.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samlib.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exe
                    Section loaded: samcli.dll, netutils.dll, logoncli.dll, msasn1.dll, netapi32.dll, wininet.dll, dbghelp.dll, dhcpcsvc.dll, iertutil.dll, secur32.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, fwpuclnt.dll, samlib.dll, cryptsp.dll, sxs.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Section loaded: windowscodecs.dll, msi.dll, usp10.dll, msls31.dll, version.dll, mpr.dll, uxtheme.dll, profapi.dll, userenv.dll, dwmapi.dll, davhlpr.dll, msimg32.dll, dbghelp.dll, wininet.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, cabinet.dll, propsys.dll, rsaenh.dll, apphelp.dll, msasn1.dll, lpk.dll, msihnd.dll, cryptsp.dll, secur32.dll, samcli.dll, netapi32.dll, wkscli.dll, kernel.appcore.dll, riched20.dll, windows.storage.dll, wldp.dll, tsappcmp.dll, cryptbase.dll, msisip.dll, gpapi.dll, mscoree.dll, sspicli.dll, pcacli.dll, ntmarta.dll
                    Source: C:\Windows\SysWOW64\msiexec.exe
                    Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, kernel.appcore.dll, msi.dll, netapi32.dll, iphlpapi.dll, samcli.dll, netutils.dll, logoncli.dll, msasn1.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, wininet.dll, dbghelp.dll, dhcpcsvc.dll, iertutil.dll, version.dll
                    Source: C:\Windows\Installer\MSI7DAF.tmp
                    Section loaded: libjyy.dll, kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll, pcacli.dll, mpr.dll, sfc_os.dll
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                    Section loaded: kernel.appcore.dll
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                    Section loaded: version.dll, wsock32.dll, upsdk.dll, tdpcontrol.dll, tdpstat.dll, libcurl.dll, mpr.dll, wininet.dll, tdpinfo.dll, wship6.dll, hipsdiamain.dll, msvcr100.dll, kernel.appcore.dll, uxtheme.dll, cryptsp.dll, rsaenh.dll, sspicli.dll, cryptbase.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, iphlpapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, windows.storage.dll, wldp.dll, apphelp.dll, propsys.dll
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe
                    Section loaded: libmini.dll, netdevenvspeed.dll, winmm.dll, dxgi.dll, dinput8.dll, iphlpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, wininet.dll, inputhost.dll, coremessaging.dll, propsys.dll, wintypes.dll, coreuicomponents.dll, ntmarta.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, uxtheme.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, mswsock.dll, dnsapi.dll, winrnr.dll, hid.dll, fwpuclnt.dll, devobj.dll, rasadhlp.dll, msasn1.dll, winmmbase.dll, mmdevapi.dll, ksuser.dll, avrt.dll, audioses.dll, powrprof.dll, umpdc.dll, msacm32.dll, midimap.dll, devenum.dll, msdmo.dll, dhcpcsvc.dll, resourcepolicyclient.dll, avicap32.dll, msvfw32.dll
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                    File written: C:\Users\user\AppData\Local\AdvinstAnalytics\6627be3e20a59ade4c1add8b\1.1.6\tracking.ini
                    Source: Window Recorder
                    Window detected: More than 3 window changes detected
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Static PE information: Virtual size of .text is bigger than: 0x100000
                    Static file information: File size 28924664 > 1048576
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                    File opened: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Microsoft.VC90.CRT\msvcr90.dll
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Static PE information: Raw size of .text is bigger than: 0x100000 < 0x237c00
                    Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                    Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                    Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                    Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                    Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                    Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\oDayProtect.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\dbs\el\ddvsm\out\Intermediate\vscommon\perfwatson2.csproj_FB008427_ret\objr\amd64\PerfWatson2.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcp100.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000046D4000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000042C0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMOfficeScan.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QQPCHwNetwork.pdbRR#GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: c:\vmagent_new\bin\joblist\622859\src\x\x86_ntvbld\objfre_win7_x86\i386\ntvbld.pdb` source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\build\ob\bora-19436861\cayman_gettext\gettext\MSVC14\libintl_dll\Release\libintl_dll.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\gitproj\7z2201-src\CPP\7zip\UI\Console\Release\Console.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000002.2048756739.0000000000728000.00000002.00000001.01000000.0000000E.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000000.2000088539.0000000000728000.00000002.00000001.01000000.0000000E.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000000.2049813150.0000000000728000.00000002.00000001.01000000.0000000E.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000002.2064919257.0000000000728000.00000002.00000001.01000000.0000000E.sdmp, e8a0d5af432b7e64DBD.exe, 0000000D.00000002.2068010090.0000000000728000.00000002.00000001.01000000.0000000E.sdmp, e8a0d5af432b7e64DBD.exe, 0000000D.00000000.2066593628.0000000000728000.00000002.00000001.01000000.0000000E.sdmp
                    Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\LIBRARIES\vmwarestring\win32\release\vmwarestring.pdb!! source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMOfficeScanX64.pdb'' GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\HTTPRequest.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: mfc90.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004378000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\LIBRARIES\vmwarestring\win32\release\vmwarestring.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\8168\vc98\dev\bin\vcspawn.pdbMZ source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcr120.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMDns.pdbDD!GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\Projects\WinRAR\rar\build\rar32\Release\RAR.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\InstallerAnalytics.pdbz source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005246000.00000004.00001000.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMDns.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\KwCommonUI.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: wininet.pdbUGP source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1707035647.0000000005014000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1784899160.0000000003881000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: c:\vmagent_new\bin\joblist\622869\src\x\x64_ntvbld\objfre_win7_amd64\amd64\ntvbld64.pdbL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-22583795\bora\build\build\authd\release\win32\vmware-authd.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: c:\vmagent_new\bin\joblist\622859\src\x\x86_ntvbld\objfre_win7_x86\i386\ntvbld.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: h:\ch1\src\sandbox\wow_helper\wow_helper.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMEventBus.pdbZZ source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcr110.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\vmagent_new\bin\joblist\419058\out\Release\360AppCore.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.000000000408F000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMAVProxy.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdbb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\build\ob\bora-19188697\cayman_glib\glib\src\build\win32\vs14\Release\Win32\bin\gmodule-2.0.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\ExternalUi.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Binary string: D:\build\ob\bora-22583795\bora\build\build\vmware-autostart\release\win32\vmware-autostart.pdb.. source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000047FB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000044D2000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Decoder.pdb8 source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Binary string: msvcp90.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QQFileFlt.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_2.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000047FB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000044D2000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: libEGL.dll.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: c:\vmagent_new\bin\joblist\622869\src\x\x64_ntvbld\objfre_win7_amd64\amd64\ntvbld64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-22583795\bora\build\build\authd\release\win32\vmware-authd.pdb-- source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\bin\x86\embeddeduiproxy.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1676650198.0000000003A80000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1784669552.000000000421B000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1781109686.000000000131F000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: rundll32.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\build\ob\bora-21885936\cayman_zlib\build\release\win32_vc140\zlib\build\zlib1.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042962146.0000000003BC5000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000005051000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMRtpDLL.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\MemDefrag.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, MemDefrag.dll.9.dr
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\InstallerAnalytics.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005246000.00000004.00001000.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                    Source: Binary string: C:\test\intelligentDemo\PackageMgr\Release\PackageMgr.pdb//' source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdbo source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMAVProxy.pdb__(GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: wininet.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1707035647.0000000005014000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000003.00000003.1784899160.0000000003881000.00000004.00000020.00020000.00000000.sdmp
                    Source: Binary string: msvcr90.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004CF9000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\build\ob\bora-21885936\cayman_zlib\build\release\win32_vc140\zlib\build\zlib1.pdb$$ source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042962146.0000000003BC5000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000005051000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\KwLayoutMgr.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QQFileFlt.pdb.. GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\LIBRARIES\vmauthd-log\win32\release\vmauthd.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2042672563.0000000003A11000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\MemDefrag.pdbII#GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, MemDefrag.dll.9.dr
                    Source: Binary string: D:\a\_work\1\s\obj\VS\Microsoft.VisualStudio.Web.Host\Release\Microsoft.VisualStudio.Web.Host.pdbf source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\KwLib.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: .pdb% source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2131881089.0000000002568000.00000040.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMEventBus.pdb source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060498180.0000000003E80000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2060700308.0000000004080000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\stubs\x86\Decoder.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMOfficeScan.pdbLL%GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\Administrator\Desktop\etcp5.0\Release\etcp.pdb source: Bor32-update-flase.exe, 00000012.00000002.2131881089.0000000002560000.00000040.00001000.00020000.00000000.sdmp
                    Source: Binary string: libEGL.dll.pdbs source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcr80.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcp120.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000047FB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000044D2000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcr100.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000044D2000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, Bor32-update-flase.exe, 00000012.00000002.2138244917.000000006F7F1000.00000020.00000001.01000000.00000017.sdmp
                    Source: Binary string: d:\build\ob\bora-19436861\cayman_gettext\gettext\MSVC14\libintl_dll\Release\libintl_dll.pdb11 source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcp110.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000046D4000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000042C0000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\oDayProtect.pdbAA#GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: msvcp80.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000047FB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\8168\vc98\dev\bin\vcspawn.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\AICustAct.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QQPCHwNetwork.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: G:\CLIENT\fhbemb\src\bin\Release\fhjyy.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmp, MSI7DAF.tmp, 00000008.00000000.1998413401.000000000023E000.00000002.00000001.01000000.0000000C.sdmp, MSI7DAF.tmp, 00000008.00000002.2068600823.000000000023E000.00000002.00000001.01000000.0000000C.sdmp
                    Source: Binary string: C:\test\intelligentDemo\PackageMgr\Release\PackageMgr.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\kwlogsvr.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMOfficeScanX64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: e:\KWSING\trunk\KwResource\pdb\release\KwLib.pdbp source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\2\s\\binaries\amd64ret\bin\amd64\\msvcp140_1.amd64.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000047FB000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000044D2000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: h:\ch1\src\sandbox\wow_helper\wow_helper.pdbp source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\Prereq.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-22583795\bora\build\build\vmware-autostart\release\win32\vmware-autostart.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: G:\CLIENT\fhbemb\src\bin\Release_NL\fhbmini.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, Haloonoroff.exe, 00000013.00000000.2112966039.0000000000B9E000.00000002.00000001.01000000.00000019.sdmp
                    Source: Binary string: C:\vmagent_new\bin\joblist\368203\out\Release\HipsLog.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: d:\agent\_work\2\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: E:\qci_workspace\root-workspaces\__qci-pipeline-1196123-1\Basic\Output\BinFinal\QMRtpDLL.pdbWW'GCTL source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: G:\CLIENT\WallPaper_feihuo\windows\FFWallpaper\bin\Release\bfcipc.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: \WallPaper\windows\FFWallpaper\bin\Release\FFWallpaper.pdb source: Bor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.dr
                    Source: Binary string: D:\a\_work\1\s\obj\VS\Microsoft.VisualStudio.Web.Host\Release\Microsoft.VisualStudio.Web.Host.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\SoftwareDetector.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: D:\build\ob\bora-20800274\bora\build\build\LIBRARIES\basichttp\win32\release\basichttp.pdb source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp
                    Source: Binary string: C:\ReleaseAI\win\Release\custact\x86\lzmaextractor.pdb source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmp
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                    Source: shi8085.tmp.0.drStatic PE information: 0xC7FEC470 [Wed Apr 29 05:06:56 2076 UTC]
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D1E740 LoadLibraryW,GetProcAddress,LoadImageW,FreeLibrary,0_2_00D1E740
                    Source: NetmTray.dll.0.drStatic PE information: section name: .menu_sh
                    Source: NetmTray64.dll.0.drStatic PE information: section name: .menu_sh
                    Source: npaxlogin.dll.0.drStatic PE information: section name: .orpc
                    Source: Ntvbld64.dll.0.drStatic PE information: section name: .share
                    Source: HackPatch.dll.0.drStatic PE information: section name: PlugImm
                    Source: HotfixCommon.dll.0.drStatic PE information: section name: .detourc
                    Source: HotfixCommon.dll.0.drStatic PE information: section name: .detourd
                    Source: HotfixCommon64.dll.0.drStatic PE information: section name: .detourc
                    Source: HotfixCommon64.dll.0.drStatic PE information: section name: .detourd
                    Source: ieplus.dll.0.drStatic PE information: section name: .360_iep
                    Source: ieplus64.dll.0.drStatic PE information: section name: .360_iep
                    Source: iNetSafe.dll.0.drStatic PE information: section name: .shared
                    Source: iNetSafe64.dll.0.drStatic PE information: section name: .detourc
                    Source: iNetSafe64.dll.0.drStatic PE information: section name: .detourd
                    Source: libzdtp.dll.0.drStatic PE information: section name: .detourc
                    Source: libzdtp.dll.0.drStatic PE information: section name: .detourd
                    Source: libzdtp64.dll.0.drStatic PE information: section name: .detourc
                    Source: libzdtp64.dll.0.drStatic PE information: section name: .detourd
                    Source: shi8085.tmp.0.drStatic PE information: section name: .wpp_sf
                    Source: shi8085.tmp.0.drStatic PE information: section name: .didat
                    Source: NetmTray.dll.1.drStatic PE information: section name: .menu_sh
                    Source: NetmTray64.dll.1.drStatic PE information: section name: .menu_sh
                    Source: npaxlogin.dll.1.drStatic PE information: section name: .orpc
                    Source: Ntvbld64.dll.1.drStatic PE information: section name: .share
                    Source: HackPatch.dll.1.drStatic PE information: section name: PlugImm
                    Source: HotfixCommon.dll.1.drStatic PE information: section name: .detourc
                    Source: HotfixCommon.dll.1.drStatic PE information: section name: .detourd
                    Source: HotfixCommon64.dll.1.drStatic PE information: section name: .detourc
                    Source: HotfixCommon64.dll.1.drStatic PE information: section name: .detourd
                    Source: ieplus.dll.1.drStatic PE information: section name: .360_iep
                    Source: ieplus64.dll.1.drStatic PE information: section name: .360_iep
                    Source: iNetSafe.dll.1.drStatic PE information: section name: .shared
                    Source: iNetSafe64.dll.1.drStatic PE information: section name: .detourc
                    Source: iNetSafe64.dll.1.drStatic PE information: section name: .detourd
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A15462 push es; ret 0_3_03A1546E
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A06C4F push 600072D9h; ret 0_3_03A06DD9
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A06DDC pushad ; ret 0_3_03A06DDD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_006E5472 push esi; iretd 0_3_006E552C
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_006E23ED push es; iretd 0_3_006E23EA
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A288B4 pushad ; retf 0_3_03A288B5
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A219BE pushfd ; ret 0_3_03A21A85
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A2049B pushad ; retf 0_3_03A2049C
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A268CC push eax; retf 0072h0_3_03A268CD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A268CC push eax; retf 0072h0_3_03A268CD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A268CC push eax; retf 0072h0_3_03A268CD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A21C3E pushfd ; ret 0_3_03A220C5
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A288B4 pushad ; retf 0_3_03A288B5
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A288B4 pushad ; retf 0_3_03A288B5
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A288B4 pushad ; retf 0_3_03A288B5
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A219BE pushfd ; ret 0_3_03A21A85
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A2049B pushad ; retf 0_3_03A2049C
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A268CC push eax; retf 0072h0_3_03A268CD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A268CC push eax; retf 0072h0_3_03A268CD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_3_03A268CC push eax; retf 0072h0_3_03A268CD

                    Persistence and Installation Behavior

                    Source: C:\Windows\System32\msiexec.exe Executable created and started: C:\Windows\Installer\MSI7DAF.tmp
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe File created: C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGXlong.sys
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe File created: \installer espt masa pph versi 2.0#u007e26022009.exe
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8FBB.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\NetDiagDll.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\NetmLogin.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Microsoft.Bcl.AsyncInterfaces.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\npaxlogin.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\QMEventBus.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\msvcp100.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\LiveUpd360.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcp100.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\QQPCHwNetwork.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\TDPSTAT.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\OTGContainer.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeFile created: C:\Users\user\AppData\Local\Temp\5950203\....\TemporaryFile (copy)Jump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\NetSpeed.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\libgravity.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\jpnative64.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\mobileflux.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\msvcp140_1.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\QMOfficeScan.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\ebHost.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\Hamster.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\KwLib.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeFile created: C:\Users\user\AppData\Local\Temp\5951187\....\TemporaryFile (copy)Jump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\NetDefender.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\ipcservice.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Users\user\AppData\Local\Temp\shi2A36.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\PopSoftEng.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Users\user\AppData\Local\Temp\shi8085.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\iopdate.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\N0vaDesktop.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\ntvbld.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\libscent35.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeFile created: C:\Users\user\AppData\Local\Temp\11835\....\Microsoft.TransCompositib.msi (copy)Jump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI516B.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\zip.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\ipcservice.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\msvcr110.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\HotfixCommon.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\filemgr.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\GmeApi.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\probe.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\pluginmgr.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\TPClnVM.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\GmeApi64.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\libscent35.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\leakrepair.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\NetDiagDll.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\fixsc64.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\hipslog.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcr90.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\MiniUI.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\lockkrnl.dllJump to dropped file
                    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\7z.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\qroscfg.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcr80.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2C69.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\pluginmgr.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\fixsc.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\libgravity.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\TDPCONTROL.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\msvcr100.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\PackageMgr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Users\user\AppData\Local\Temp\MSI900B.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7DAF.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\HipsdiaMain.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcr100.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8103.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcp140_2.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI788D.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\NetmonEP.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\BtDDIFUEHLCR\libzdtp64.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Users\user\AppData\Local\Temp\MSI905A.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\fhjyy.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeFile created: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HipsLogCenter.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\pp_helper.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\APXmodule-2.0.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Microsoft.VC90.CRT\msvcp90.dllJump to dropped file
                    Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Installer\libjyy.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI519B.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2D07.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2CC8.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2D96.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\vcl120.bplJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\vclx120.bplJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\AgentJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\ATellPhonJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\madBasic_.bplJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\madDisAsm_.bplJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\madExcept_.bplJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile created: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\rtl120.bplJump to dropped file
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_6C1D10C0 ProcessMain,_memset,CoInitialize,CoCreateGuid,CoCreateGuid,swprintf,CoUninitialize,_memset,lstrlenW,lstrlenW,RegCreateKeyW,RegSetValueExW,RegCreateKeyW,lstrlenW,RegSetValueExW,RegCloseKey,RegCloseKey,RegCreateKeyW,lstrlenW,RegSetValueExW,RegCloseKey,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,__wcsrev,_memset,lstrcatW,lstrcatW,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,_memset,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,_memset,wsprintfW,wsprintfW,_memset,wsprintfW,_memset,wsprintfW,_memset,ShellExecuteExW,ShellExecuteExW,WaitForSingleObject,WaitForSingleObject,CloseHandle,ShellExecuteExW,WaitForSingleObject,CloseHandle,ShellExecuteExW,WaitForSingleObject,CloseHandle,8_2_6C1D10C0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ziooirdfb1542nmu
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AC05DC IsIconic,GetWindowPlacement,GetWindowRect,18_2_00AC05DC
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AFA5DC IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,18_2_00AFA5DC
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AD4990 IsIconic,18_2_00AD4990
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AD4A0C GetWindowLongA,IsIconic,IsWindowVisible,ShowWindow,SetWindowLongA,SetWindowLongA,ShowWindow,ShowWindow,18_2_00AD4A0C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AFB054 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,18_2_00AFB054
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AF9CD4 IsIconic,GetCapture,18_2_00AF9CD4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B000BC SetErrorMode,GetModuleHandleA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetErrorMode,18_2_00B000BC
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSI7DAF.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSI7DAF.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_009780EC18_2_009780EC
                    Source: C:\Windows\SysWOW64\msiexec.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile opened / queried: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Optimizat\themes\ovf-vmware.xsd
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeFile opened / queried: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Optimizat\themes\ovfenv-vmware.xsd
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,18_2_00ADDE9C
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetAdaptersInfo,GetAdaptersInfo,0_2_6C605B60
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeThread delayed: delay time: 86400000
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeWindow / User API: threadDelayed 2063
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeWindow / User API: threadDelayed 1712
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeWindow / User API: threadDelayed 1502
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeWindow / User API: foregroundWindowGot 1761
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\ntvbld.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\madDisAsm_.bplJump to dropped file
                    Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shiF3C.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\KwLogSvr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\mobileflux.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\msvcp140_1.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\QMOfficeScan.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\ebHost.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\Hamster.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\KwLib.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\5951187\....\TemporaryFile (copy)Jump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\NetDefender.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\ipcservice.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi2A36.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\shi8085.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\PopSoftEng.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\iopdate.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\N0vaDesktop.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\ntvbld.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\libscent35.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcp140.dllJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\11835\....\Microsoft.TransCompositib.msi (copy)Jump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI516B.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\zip.exeJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\ipcservice.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\msvcr110.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\HotfixCommon.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\filemgr.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\GmeApi.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\probe.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\pluginmgr.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\TPClnVM.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\GmeApi64.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\libscent35.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\leakrepair.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\NetDiagDll.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\hipslog.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\fixsc64.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcr90.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\MiniUI.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\lockkrnl.dllJump to dropped file
                    Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\7z.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\qroscfg.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcr80.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\pluginmgr.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2C69.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\fixsc.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\libgravity.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\PackageMgr.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI900B.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8103.tmpJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\msvcp140_2.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI788D.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\NetmonEP.dllJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\BtDDIFUEHLCR\libzdtp64.dllJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI905A.tmpJump to dropped file
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeDropped PE file which has not been started: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HipsLogCenter.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\pp_helper.exeJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\APXmodule-2.0.dllJump to dropped file
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeDropped PE file which has not been started: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Microsoft.VC90.CRT\msvcp90.dllJump to dropped file
                    Source: C:\Windows\Installer\MSI7DAF.tmp Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe API coverage: 9.0 %
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe API coverage: 1.0 %
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe Code function: 18_2_009780EC 18_2_009780EC
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe TID: 3848 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe TID: 7984 Thread sleep time: -172800000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe TID: 7992 Thread sleep time: -2063000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe TID: 7996 Thread sleep time: -108000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe TID: 8004 Thread sleep time: -960000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe TID: 3612 Thread sleep time: -31000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe TID: 2044 Thread sleep time: -36000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe TID: 7988 Thread sleep time: -1502000s >= -30000s
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe File Volume queried: C:\Program Files (x86) FullSizeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe File Volume queried: C:\Program Files (x86)\WindowsInstallerFB FullSizeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe File Volume queried: C:\Program Files (x86)\WindowsInstallerFB\7AF5081 FullSizeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe File Volume queried: C:\ FullSizeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00D40640 FindFirstFileW,FindClose,CloseHandle,CloseHandle,CloseHandle,CreateEventW,CreateThread,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,CloseHandle,0_2_00D40640
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00C20880 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,PathIsUNCW,0_2_00C20880
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00D1B1B0 FindFirstFileW,GetLastError,FindClose,0_2_00D1B1B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00D4A4B0 FindFirstFileW,FindNextFileW,FindNextFileW,FindClose,0_2_00D4A4B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00D4A8B0 FindFirstFileW,FindClose,0_2_00D4A8B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00D1A850 _wcsrchr,FindFirstFileW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,0_2_00D1A850
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00D28F30 FindFirstFileW,FindClose,FindClose,0_2_00D28F30
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_00CFFE80 FindFirstFileW,FindNextFileW,FindClose,0_2_00CFFE80
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_6C61D070 FindClose,PathIsUNCW,FindFirstFileW,GetFullPathNameW,GetFullPathNameW,FindClose,SetLastError,_wcsrchr,_wcsrchr,0_2_6C61D070
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 0_2_6C627870 FindFirstFileW,FindClose,GetLastError,FindClose,0_2_6C627870
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00D1B1B0 FindFirstFileW,GetLastError,FindClose,3_2_00D1B1B0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe Code function: 3_2_00D1ABE0 FindFirstFileW,3_2_00D1ABE0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe Code function: 9_2_006A8BA4 __EH_prolog3_GS,FindFirstFileA,FindFirstFileW,FindFirstFileW,9_2_006A8BA4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe Code function: 9_2_0070D9C1 FindFirstFileExW,9_2_0070D9C1
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe Code function: 9_2_0070D996 FindFirstFileExA,9_2_0070D996
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_0093657C GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,18_2_0093657C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00938E6A FindFirstFileA,FindClose,18_2_00938E6A
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00938E6C FindFirstFileA,FindClose,18_2_00938E6C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B32298 FindFirstFileA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,18_2_00B32298
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6A696 FindFirstFileA,FindClose,18_2_00A6A696
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6A698 FindFirstFileA,FindClose,18_2_00A6A698
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6A7A8 FindFirstFileA,FindClose,18_2_00A6A7A8
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00AB27D0 FindFirstFileA,FindClose,FileTimeToDosDateTime,18_2_00AB27D0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A6AAB4 FindFirstFileA,GetLastError,18_2_00A6AAB4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A66B80 GetModuleHandleA,GetProcAddress,lstrcpynA,lstrcpynA,lstrcpynA,FindFirstFileA,FindClose,lstrlenA,lstrcpynA,lstrlenA,lstrcpynA,18_2_00A66B80
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B2EDA0 FindFirstFileA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,18_2_00B2EDA0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D49310 _wcsrchr,_wcsrchr,GetLogicalDriveStringsW,GetDriveTypeW,Wow64DisableWow64FsRedirection,Wow64RevertWow64FsRedirection,0_2_00D49310
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DB19D1 VirtualQuery,GetSystemInfo,0_2_00DB19D1
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeThread delayed: delay time: 86400000
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeThread delayed: delay time: 30000
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CompanyNameVMware, Inc.b
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: <description>"VMware Authorization Service"</description>
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-vmx.exe%s%c..%c%svmware-vmx-debug.exevmware-vmx-stats.exeNo ticket found
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: StartVirtualMachines%s: Failed to retrieve info from %%ALLUSERSPROFILE%%%s.
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMwareAutostartServiceVMAutostartRunServiceStarting service control dispatcher
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: name="VMware.VMware.vmauthd"
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2043755856.0000000000B24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VGX\Optimizat\themes\ovfenv-vmware.xsdz.
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: PANIC: %s599 vmware-authd PANIC: %s
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\build\ob\bora-20800274\bora\build\build\LIBRARIES\vmwarestring\win32\release\vmwarestring.pdb!!
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.2081490565.0000000003AC9000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000002.2086372576.0000000003ACC000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1703604464.0000000003ACE000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.2083458136.0000000003AC9000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1703086836.0000000003ACE000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.2082256697.0000000003AC9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmwarebase.DLL
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Unicode_TrimRightvmwarebase.DLL
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2048294440.0000000000A58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VGXVGX/HoursBrokerVGX/HoursBroker/DrawContentVGX/Microsoft.VC90.CRTVGX/Microsoft.VC90.MFCVGX/OptimizatVGX/Optimizat/pluginsVGX/Optimizat/themesVGX/pluginsVGX/plugins/RunHoursVGX/UtilsVGX/versionVGX/BoukenVGX/BoukenPVGX/Browser_2VGX/AgentVGX/APKwait.batVGX/ATellPhonVGX/bbnn.rbgVGX/Blend.visualelementsmanifest.xmlVGX/Browser_1VGX/BseziofVGX/cbg.sigVGX/cdm.sigVGX/chrome_200_percent.pakVGX/contribscr.iniVGX/cor.sigVGX/DataTransform.iniVGX/dmEetfzcFeMLeUVbVGX/HoursBroker/CIM_ResourceAllocationSettingData.xsdVGX/HoursBroker/CIM_VirtualSystemSettingData.xsdVGX/HoursBroker/common.xsdVGX/HoursBroker/hi.pakVGX/HoursBroker/hr.pakVGX/HoursBroker/hu.pakVGX/HoursBroker/li.datVGX/HoursBroker/LICENSE.3rdVGX/HoursBroker/LICENSE.libcodecsVGX/HoursBroker/LICENSE.libdtVGX/HoursBroker/livehis.datVGX/HoursBroker/Microsoft.VC80.ATL.manifestVGX/HoursBroker/Microsoft.VC80.CRT.manifestVGX/HoursBroker/package.jsonVGX/HoursBroker/rpi.datVGX/HoursBroker/slist.datVGX/HoursBroker/versionVGX/HoursBroker/xml.xsdVGX/intchar32VGX/intchar64VGX/LastnamaVGX/LastnameVGX/LastnymcVGX/libtemp.batVGX/LostVGX/LostHeVGX/LostPVGX/LostPHeVGX/LostPSheVGX/LostSheVGX/madBasic_.bplVGX/madDisAsm_.bplVGX/madExcept_.bplVGX/Microsoft.VC80.ATL.manifestVGX/Microsoft.VC80.CRT.manifestVGX/Microsoft.VC90.CRT/Microsoft.VC90.CRT.manifestVGX/Microsoft.VC90.MFC/Microsoft.VC90.MFC.manifestVGX/Microsoft_VC90_CRT_manifestVGX/NetSpeedLogVGX/NULL.binVGX/NVIDIA_GeForce_Experience_jsonVGX/Optimizat/plugins/am.pakVGX/Optimizat/plugins/ar.pakVGX/Optimizat/plugins/bg.pakVGX/Optimizat/plugins/Microsoft.VC80.ATL.manifestVGX/Optimizat/plugins/Microsoft.VC80.CRT.manifestVGX/Optimizat/plugins/vd.icoVGX/Optimizat/plugins/versionVGX/Optimizat/themes/ca.pakVGX/Optimizat/themes/cs.pakVGX/Optimizat/themes/da.pakVGX/Optimizat/themes/isolinux.binVGX/Optimizat/themes/ovf-vmware.xsdVGX/Optim
izat/themes/ovfenv-vmware.xsdVGX/Optimizat/themes/sample.flpVGX/Optimizat/vmPerfmon.hVGX/plugins/de.pakVGX/plugins/el.pakVGX/plugins/en-GB.pakVGX/plugins/en-US.pakVGX/plugins/Microsoft.VC80.ATL.manifestVGX/plugins/Microsoft.VC80.CRT.manifestVGX/plugins/RunHours/es-419.pakVGX/plugins/RunHours/es.pakVGX/plugins/RunHours/et.pakVGX/plugins/RunHours/fa.pakVGX/plugins/versionVGX/Ptuity.plxVGX/Ptuityoosty.plxVGX/qvlnk.broVGX/rbVGX/rtl120.bplVGX/settingssVGX/settingss2VGX/somextrainfo.iniVGX/SresoBooster.uiVGX/station.binVGX/SysP1.batVGX/SysP2.batVGX/Theme.icoVGX/TP.iniVGX/vcl120.bplVGX/vclx120.bplVGX/version/AARV1VGX/version/AARV2VGX/version/AuLibV1VGX/version/AuLibV2VGX/version/CharMainoV1VGX/version/CharMainoV2VGX/version/CjLibV1VGX/version/CjLibV2VGX/version/ComeOnVGX/version/globalV1VGX/version/globalV2VGX/version/QdLibV1VGX/version/QdLibV2VGX/version/qvlnkbroV1VGX/version/qvlnkbroV2VGX/version/settingV1VGX/version/settingV2VGX/version/ShellVGX/version/TOFNCVGX/version/WinCallVGX/VNL.iniVGX/WBGvisualelementsmanifestVGX/WGLogin.olgVGX/Win.rbgVGX/7z.dllVGX/APXhttp.dllVGX/APXmodule-2.0.dllVGX/BBC.exeVGX/bfcipc.dllVGX/bpchelper.dllVGX/ebHost.exeVGX/EduW
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 17.5.0 build-22583795VMware Workstation%s Authentication Daemon Version %u.%u for %s %s
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\build\ob\bora-20800274\bora\build\build\LIBRARIES\vmwarestring\win32\release\vmwarestring.pdb
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware
                    Source: Haloonoroff.exe, 00000013.00000003.2130602491.0000000001307000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VBoxService.exeZv
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2043755856.0000000000B24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Optimizat\themes\ovfenv-vmware.xsd
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Invalid pathname (too long)Config file not found: %sVMware Server ConsoleYou need read access in order to connect with the %s. Access denied for config file: %sYou need execute access in order to connect with the %s. Access denied for config file: %s%s-fdConnect %sError connecting to %s service instance.Can't create mutex '%s' (%d)Timeout acquiring thread lock.-fdvmauthd.connectionSetupTimeoutCould not open %s process %d. (error %d)Error connecting to vmx process.No such %s process: %s
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Authorization Service
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: name="VMware.VMware.vmwarestring"
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: HttpURI_ParseAndDecodeURLvmwarebase.DLL
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: FileDescriptionVMware BasicHTTP DLLL
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Server Console
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-autostart.log
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Authorization and authentication service for starting and accessing virtual machinesVMware Authorization ServiceVMAuthdServiceSuccessfully registered %s.
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\build\ob\bora-22583795\bora\build\build\authd\release\win32\vmware-authd.pdb
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: FileDescriptionVMware event log sourceL
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMWARE_BASICHTTP_TRACE
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Workstation
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 599 vmware-authd PANIC: %s
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevmware-authd.exeF
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: : SSL RequiredNFCSSL supported/tServerDaemonProtocol:SOAPVMware%s Authentication Daemon Version %u.%u%s, %s, %s, %s, %s, %s%sError retrieving thumbprintInvalid arguments to '%s%s'Login failed: token key authentication not allowed.GET TOKEN KEY failed: got %s
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-hostd
                    Source: Bor32-update-flase.exe, 00000012.00000002.2129533385.00000000006F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllY
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005000000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: RegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMWARE_HTTPSPROXYBasicHTTP: AppendRequestHeader failed to append to the request header. Insufficient memory.
                    Source: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.2081357784.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1703664200.0000000000765000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1703743080.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1703514174.000000000072C000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.2083037286.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000002.2084822308.000000000078D000.00000004.00000020.00020000.00000000.sdmp, Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1794827924.000000000078D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWha
                    Source: Haloonoroff.exe, 00000013.00000003.2130602491.0000000001307000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmtoolsd.exe
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: FileDescriptionVMware string libraryL
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevmwarestring.DLLF
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\build\ob\bora-22583795\bora\build\build\vmware-autostart\release\win32\vmware-autostart.pdb
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: <description>"VMware string library"</description>
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: nfcnfcsslvmware-hostdPROXY service %s not found.USER too long.Password required for %s.Login with USER first.InSeCuRePassword not understood.User %s logged in.LOGIN FAILURE from %.128s, %s
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmwarestring.dll
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: StartVirtualMachines
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ProductNameVMware WorkstationP
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: \VMware\VMware Workstation\vmAutoStart.xml
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 1998-2023 VMware, Inc.J
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2043755856.0000000000B24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Optimizat\themes\ovfenv-vmware.xsd
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMWARE_BASICHTTP_TRACE0bora\apps\lib\basicHttp\http.cBasicHTTP: curl_multi_init failed.
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\build\ob\bora-22583795\bora\build\build\vmware-autostart\release\win32\vmware-autostart.pdb..
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: FileDescriptionVMware Authorization ServiceL
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 1998-2022 VMware, Inc.J
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-vmx-debug.exe
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 1998-2022 VMware, Inc.D
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMWARE_HTTPSPROXY
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-vmx-stats.exe
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: File_CreateDirectoryvmwarebase.DLL)_strdup
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: security.host.ruisslvmwareauthd.policy.allowRCForReadvmauthd.startupTimeoutgetpeername failed: %d tid %d
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: User not authorized for vpx agent contactvmware-vpxaUser not authorized for vmx contactConnecting socket=%s
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: D:\build\ob\bora-22583795\bora\build\build\authd\release\win32\vmware-authd.pdb--
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: InternalNamevmwarestringj#
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: \\.\pipe\vmware-authdpipeCreateNamedPipe failed: %s (%d)
                    Source: Haloonoroff.exe, 00000013.00000003.2130602491.0000000001307000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareTray.exe#v
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: @vmware-autostartVMAutostart_InitGetVMAutostartConfigFilePathCould not get the ALLUSERSPROFILE folder path
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CompanyNameVMware, Inc.R
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: <description>"VMware event log source"</description>
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CompanyNameVMware, Inc.T
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware-client
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-vmx.exe
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CompanyNameVMware, Inc.X
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 1998-2022 VMware, Inc.@
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Autostart ServiceCreateService failed (%d)
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: name="VMware.VMware.basichttp"
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: name="VMware.VMware.vmauthd-log"
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-\vmware-autostart.loga+Cannot open file '%s'
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004FBD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-vpxa
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: vmware-autostart
                    Source: e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: <description>"VMware BasicHTTP DLL"</description>
                    Source: C:\Windows\Installer\MSI7DAF.tmpAPI call chain: ExitProcess graph end node
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeAPI call chain: ExitProcess graph end node
                    Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeProcess queried: DebugPort
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DB9913 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00DB9913
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D4D260 CreateFileW,GetLastError,OutputDebugStringW,OutputDebugStringW,SetFilePointer,FlushFileBuffers,WriteFile,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,OutputDebugStringW,WriteFile,WriteFile,FlushFileBuffers,FlushFileBuffers,WriteFile,FlushFileBuffers,WriteFile,FlushFileBuffers,0_2_00D4D260
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D1E740 LoadLibraryW,GetProcAddress,LoadImageW,FreeLibrary,0_2_00D1E740
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DB41D9 mov esi, dword ptr fs:[00000030h]0_2_00DB41D9
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DCE8FB mov eax, dword ptr fs:[00000030h]0_2_00DCE8FB
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DCE93F mov eax, dword ptr fs:[00000030h]0_2_00DCE93F
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DBFDF7 mov ecx, dword ptr fs:[00000030h]0_2_00DBFDF7
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C63D57C mov ecx, dword ptr fs:[00000030h]0_2_6C63D57C
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C6468F9 mov eax, dword ptr fs:[00000030h]0_2_6C6468F9
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00DB41D9 mov esi, dword ptr fs:[00000030h]3_2_00DB41D9
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00DCE8FB mov eax, dword ptr fs:[00000030h]3_2_00DCE8FB
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00DCE93F mov eax, dword ptr fs:[00000030h]3_2_00DCE93F
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00DBFDF7 mov ecx, dword ptr fs:[00000030h]3_2_00DBFDF7
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_002360A8 mov eax, dword ptr fs:[00000030h]8_2_002360A8
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_00238164 mov eax, dword ptr fs:[00000030h]8_2_00238164
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006F1819 mov eax, dword ptr fs:[00000030h]9_2_006F1819
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006F18A7 mov eax, dword ptr fs:[00000030h]9_2_006F18A7
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DB4245 GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,0_2_00DB4245
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeProcess token adjusted: Debug
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00C3AEA0 __set_se_translator,SetUnhandledExceptionFilter,0_2_00C3AEA0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DB4CCD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00DB4CCD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00C3D8C0 __set_se_translator,SetUnhandledExceptionFilter,0_2_00C3D8C0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00DB9913 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00DB9913
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C6305E5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C6305E5
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C62F87E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_6C62F87E
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C634963 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_6C634963
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00C3D8C0 __set_se_translator,SetUnhandledExceptionFilter,3_2_00C3D8C0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00DB9913 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_00DB9913
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00DB4CCD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_00DB4CCD
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 3_2_00C3AEA0 __set_se_translator,SetUnhandledExceptionFilter,3_2_00C3AEA0
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_00235453 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_00235453
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_00232920 SetUnhandledExceptionFilter,8_2_00232920
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_00231EEE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_00231EEE
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_0023278E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_0023278E
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_6C1D2521 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,8_2_6C1D2521
                    Source: C:\Windows\Installer\MSI7DAF.tmpCode function: 8_2_6C1D1BC3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,8_2_6C1D1BC3
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006E460E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_006E460E
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006E47A4 SetUnhandledExceptionFilter,9_2_006E47A4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_00708B72 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00708B72
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006E3395 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_006E3395
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D02AF0 CreateFileW,CloseHandle,WriteFile,CloseHandle,ShellExecuteExW,0_2_00D02AF0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeProcess created: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe "C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe" /i "C:\Program Files (x86)\WindowsInstallerFB\7AF5081\DAN_127.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\BtDDIFUEHLCR" SECONDSEQUENCE="1" CLIENTPROCESSID="5324" AI_MORE_CMD_LINE=1
                    Source: C:\Windows\Installer\MSI7DAF.tmpProcess created: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TLGCBXAGVFLQ.KBI" -o"C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1" -pJHKQFETWJKTIHLLBOKO -aos -y
                    Source: C:\Windows\Installer\MSI7DAF.tmpProcess created: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\SUGIPFIMNRQE.TMA" -o"C:\Program Files (x86)\BtDDIFUEHLCR" -pMNHWOTMLOHTPVRFXPCH -aos -y
                    Source: C:\Windows\Installer\MSI7DAF.tmpProcess created: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe "C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TMGJRLDUDWLQ.FCU" -o"C:\Users\user\AppData\Roaming" -pPXOEWCVFPIJPLHQSQSX -aos -y
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeProcess created: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe "c:\users\user\desktop\installer espt masa pph versi 2.0#u007e26022009.exe" /i "c:\program files (x86)\windowsinstallerfb\7af5081\dan_127.msi" ai_euimsi=1 appdir="c:\program files (x86)\btddifuehlcr" secondsequence="1" clientprocessid="5324" ai_more_cmd_line=1
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00B2F1A0 OpenDesktopA,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateDesktopA,18_2_00B2F1A0
                    Source: Bor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drBinary or memory string: Fabout:blank:\kernel32.dll*winswinntwin2000win2000serverwinxpwin2003winvistawin2008win7win2008r2win8win2012win11win10GetNativeSystemInfoProgmanSHELLDLL_DefViewWorkerWSysListView32ToolbarWindow32NotifyIconOverflowWindowBUTTON;Versionopen=%s\%sgetNetBarConfig szMainkey:%s szKey:%s szValue:%s getNetBarConfig error szMainkey:%s szKey:%s
                    Source: Bor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drBinary or memory string: ]wQCFFTaskBarDlg{"fftaskbar":{"%s":1,"color":%d,"percent":%d,"align":%d,"applyType":%d}}-%s %d %d %d %dSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WeGameDev.exeSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WeGame.exeInstallPath%s\wegame.exeExeFileGetCommandLineWkernelBase.dllGetCmdLinentdllProgram ManagerNVIDIA GeForce OverlayDeskWindowkdeskOSRWindowCcWaterMarkWindowATL:00D719E0TXGuiFoundationFound FullScreen Windows: strWindowName=%s strWndClassName=%s hwnd=0x%xSOFTWARE\Microsoft\Windows\CurrentVersion\RunFFWallpaper.exe -silentFFWallpaperSetAutoRun %d, result: %dFolderViewTXMiniSkinLhb
                    Source: Bor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drBinary or memory string: tiCBaseWallPaperPlayer::RemoveAllOldWindowsCBaseWallPaperPlayer: RemoveOldWindowsEx: BasePlayerWnd=0x%xCBaseWallPaperPlayer::RemoveWindows()~CDesktopAttributesCDesktopAttributes::ExitFetchThreadCDesktopAttributes::FetchDesktopInfoThreadNew thread New start @@@@CDesktopAttributes::FetchDesktopInfoThread New exitCDesktopAttributes::FetchDesktopInfoThread New not found Program ManagerCDesktopAttributes::FetchDesktopInfoThread New begin set worker end: #### no explorer.exeCDesktopAttributes::FetchDesktopInfoThread New Err: #### no Program Manager with explorerCDesktopAttributes::monitor explorer err quit bizhiWindows
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_6C630708 cpuid 0_2_6C630708
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetLocaleInfoW,GetLocaleInfoW,0_2_00D430D0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_6C649C73
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetLocaleInfoW,GetLocaleInfoW,0_2_6C60D5E0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: EnumSystemLocalesW,0_2_6C6495FC
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: EnumSystemLocalesW,0_2_6C6495B1
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: EnumSystemLocalesW,0_2_6C6415BE
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: EnumSystemLocalesW,0_2_6C649697
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_6C649722
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetLocaleInfoW,0_2_6C649975
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetLocaleInfoW,0_2_6C641A87
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_6C649A9E
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: GetLocaleInfoW,0_2_6C649BA4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: GetLocaleInfoW,9_2_0070A219
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,9_2_0071335A
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: EnumSystemLocalesW,9_2_007135D2
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: EnumSystemLocalesW,9_2_0071363B
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: EnumSystemLocalesW,9_2_007136D6
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,9_2_00713763
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: EnumSystemLocalesW,9_2_007097C9
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: EnumSystemLocalesW,9_2_007098ED
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: EnumSystemLocalesW,9_2_00709931
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: GetLocaleInfoW,9_2_007139B3
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,9_2_00713ADC
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: GetLocaleInfoW,9_2_00713BE3
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,9_2_00713CB0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,18_2_00936740
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetLocaleInfoA,18_2_0093C6A8
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetLocaleInfoA,18_2_0093C6F4
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,18_2_0093684C
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetLocaleInfoA,18_2_00A6E194
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetLocaleInfoA,18_2_00A6E1E0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,18_2_00A66D44
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,18_2_00A66E50
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,18_2_00B76054
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: lstrcpynA,GetThreadLocale,GetLocaleInfoA,lstrlenA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,lstrcpynA,LoadLibraryExA,18_2_00B76160
                    Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_5324\three_colors.jpg VolumeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_5324\blue.jpg VolumeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeQueries volume information: C:\Users\user\AppData\Local\Temp\AI_EXTUI_BIN_5324\whitesmall.jpg VolumeInformation
                    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D598C0 CreateNamedPipeW,CreateFileW,0_2_00D598C0
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D4D180 GetLocalTime,0_2_00D4D180
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeCode function: 0_2_00D581C0 GetUserNameW,GetUserNameW,GetLastError,GetUserNameW,GetEnvironmentVariableW,GetEnvironmentVariableW,RegDeleteValueW,RegCloseKey,RegCloseKey,RegQueryInfoKeyW,RegCloseKey,RegCloseKey,RegDeleteKeyW,RegCloseKey,RegDeleteValueW,RegCloseKey,0_2_00D581C0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exeCode function: 18_2_00A872D0 GetTimeZoneInformation,18_2_00A872D0
                    Source: C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exeCode function: 9_2_006E0FC5 __EH_prolog3_catch_GS,GetVersionExA,9_2_006E0FC5
                    Source: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Replication Through Removable Media (1) | Windows Management Instrumentation (1) | DLL Side-Loading (1) | Exploitation for Privilege Escalation (1) | Deobfuscate/Decode Files or Information (1) | Input Capture (31) | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Encrypted Channel (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Native API (2) | Create Account (1) | DLL Side-Loading (1) | Obfuscated Files or Information (2) | LSASS Memory | Peripheral Device Discovery (11) | Remote Desktop Protocol | Screen Capture (1) | Non-Standard Port (1) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | Command and Scripting Interpreter (12) | Windows Service (2) | Access Token Manipulation (1) | Timestomp (1) | Security Account Manager | Account Discovery (1) | SMB/Windows Admin Shares | Input Capture (31) | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Windows Service (2) | DLL Side-Loading (1) | NTDS | File and Directory Discovery (4) | Distributed Component Object Model | Clipboard Data (3) | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Process Injection (13) | File Deletion (1) | LSA Secrets | System Information Discovery (47) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Masquerading (132) | Cached Domain Credentials | Query Registry (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Virtualization/Sandbox Evasion (141) | DCSync | Security Software Discovery (281) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation (1) | Proc Filesystem | Process Discovery (2) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Process Injection (13) | /etc/passwd and /etc/shadow | Virtualization/Sandbox Evasion (141) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | Application Window Discovery (11) | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | System Owner/User Discovery (1) | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | Embedded Payloads | Keylogging | System Network Configuration Discovery (1) | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |

[Behavior graph: ID 1581812; Sample: Installer eSPT Masa PPh ver...; Startdate: 29/12/2024; Architecture: WINDOWS; Score: 84]

Source | Detection | Scanner | Label | Link
Installer eSPT Masa PPh versi 2.0#U007e26022009.exe | 5% | ReversingLabs
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\BtDDIFUEHLCR\7z.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\Gme.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\GmeApi.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\GmeApi64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll | 4% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\Hamster.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\HipsLogCenter.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\HotfixCommon.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\HotfixCommon64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\ImAVEng.dll | 3% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\LeakFixHelper.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\LeakFixHelper64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\LiveUpd360.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\MiniUI.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NetDefender.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NetDiagDll.dll | 3% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NetSpeed.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\Netgm.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NetmLogin.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NetmTray.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NetmTray64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NetmonEP.dll | 3% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\NotifyDown.dll | 3% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\Ntvbld64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\PDown.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\PopSoftEng.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\QseCore.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\fhjyy.exe | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\filemgr.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\fixsc.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\fixsc64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\heavygate.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\hipslog.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\iNetSafe.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\iNetSafe64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\ieplus.dll | 3% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\ieplus64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\imhelper.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\ipcservice.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\jpnative32.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\jpnative64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\leakrepair.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\libcurrant.dll | 3% | ReversingLabs | Win32.Malware.MintZard
C:\Program Files (x86)\BtDDIFUEHLCR\libgravity.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\libscent35.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\libzdtp.dll | 4% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\libzdtp64.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\lockkrnl.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\mobileflux.dll | 3% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\netmstart.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\np360SoftMgr.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\npaxlogin.dll | 2% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\ntvbld.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\pluginmgr.dll | 2% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\probe.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\qroscfg.dll | 3% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\qutmipc.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\qutmload.dll | 0% | ReversingLabs
C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe | 0% | ReversingLabs
                    No Antivirus matches
                    No Antivirus matches
Source | Detection | Scanner | Label | Link
https://bizhi.hfnuola.com/pc/v/AfterLocalSethttps://bizhi.hfnuola.com/pc/DesktopComponent/GetPopupLi | 0% | Avira URL Cloud | safe
http://www.winimage.com/zLibDll1.2.3 | 0% | Avira URL Cloud | safe
https://www.hfnuola.com | 0% | Avira URL Cloud | safe
http://klog.kuwo.cn/music.ylhttp://install-log.kuwo.cn/music.ylhttp://log.kuwo.cn/music.ylrwSend | 0% | Avira URL Cloud | safe
http://www.ludashi.com0 | 0% | Avira URL Cloud | safe
http://updatestats.cd4o.com/api.php?act=update | 0% | Avira URL Cloud | safe
http://www.kuwo.cn0 | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/v/AfterLocalSet | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/v/FilterPayWallpaper | 0% | Avira URL Cloud | safe
http://install-log.kuwo.cn/music.yl | 0% | Avira URL Cloud | safe
https://collect.installeranalytics.comhttp://collect.installeranalytics.comhttps://installeranalytic | 0% | Avira URL Cloud | safe
http://www.super-ec.cn | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/desktopSubject | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/agg/StartUp | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/LockWallpaper/Wallpaper | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/fhbzApi/checkFile | 0% | Avira URL Cloud | safe
http://klog.kuwo.cn/music.yl | 0% | Avira URL Cloud | safe
https://www.itrus.com.cn0 | 0% | Avira URL Cloud | safe
https://bizhiweb.hfnuola.com/web/advertising.html?type= | 0% | Avira URL Cloud | safe
http://forums.iobit.com/showthread.php?t=16792 | 0% | Avira URL Cloud | safe
http://www.bsplayer.com | 0% | Avira URL Cloud | safe
https://logs.hfnuola.com | 0% | Avira URL Cloud | safe
https://idea.hfnuola.com20012rgbautoStartauto_start_slienthideDesktopIconpauseVidoset_mute_on_fullsc | 0% | Avira URL Cloud | safe
https://bizhiweb.hfnuola.com/web/vip.htmlhttps://bizhiweb.hfnuola.com/web/payNew.html%s?channel=%s&p | 0% | Avira URL Cloud | safe
http://stats.iotransfer.net/active.php | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/agg/hour | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/LockWallpaper/Gethttps://bizhi.hfnuola.com/pc/LockWallpaper/Wallpaperht | 0% | Avira URL Cloud | safe
https://www.hfnuola.com/select | 0% | Avira URL Cloud | safe
https://idea.hfnuola.com | 0% | Avira URL Cloud | safe
https://bizhi.hfnuola.com/pc/v/wallpaperInfoMulti | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false |  | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                    high
                                                                                                                    http://www.bsplayer.come8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://logs.hfnuola.comOTGContainer.exe.18.drfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://idea.hfnuola.com20012rgbautoStartauto_start_slienthideDesktopIconpauseVidoset_mute_on_fullscBor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    http://www.cd4o.com/drivers/e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://ocsp.sectigo.com0Installer eSPT Masa PPh versi 2.0#U007e26022009.exe, 00000000.00000003.1674730579.0000000005313000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                        high
                                                                                                                        http://www.iobit.com/appgoto.php?to=othupdatee8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://www.iobit.com/appgoto.php?to=feedbacke8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://bizhiweb.hfnuola.com/web/vip.htmlhttps://bizhiweb.hfnuola.com/web/payNew.html%s?channel=%s&pBor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://stats.iotransfer.net/active.phpe8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            http://www.iobit.com/appgoto.php?to=helptranslatee8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.hfnuola.com/selectBor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              http://schemas.xmlsoap.org/soap/envelope/e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://www.sysinternals.come8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://bizhi.hfnuola.com/pc/agg/hourBor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://www.iobit.com/appgoto.php?to=forume8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://bizhi.hfnuola.com/pc/LockWallpaper/Gethttps://bizhi.hfnuola.com/pc/LockWallpaper/WallpaperhtBor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                    unknown
                                                                                                                                    http://ascstats.iobit.com/usage.phpe8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.0000000002D50000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2021130019.000000000324C000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0Bor32-update-flase.exe, 00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                                          high
                                                                                                                                          http://www.iobit.com/productfeedback.php?product=driver-boostere8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://idea.hfnuola.comBor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            http://www.iobit.com/appgoto.php?to=filerupte8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://crl.thawte.com/ThawteTimestampingCA.crl0e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000046D4000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000041D9000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.000000000416D000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.00000000049B1000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004378000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmp, e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000046AB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://update.iobit.com/infofiles/db2/db2_free.upte8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://sectigo.com/CPS0Be8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000004D8E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://installeranalytics.comInstaller eSPT Masa PPh versi 2.0#U007e26022009.exefalse
                                                                                                                                                      high
                                                                                                                                                      http://update.iobit.com/infofiles/db2/db2_pro.upte8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.iobit.com/e8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://bizhi.hfnuola.com/pc/v/wallpaperInfoMultiBor32-update-flase.exe, 00000012.00000002.2134669600.0000000002B23000.00000040.00001000.00020000.00000000.sdmp, OTGContainer.exe.18.drfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          http://www.google.comInstaller eSPT Masa PPh versi 2.0#U007e26022009.exefalse
                                                                                                                                                            high
                                                                                                                                                            http://www.iobit.com/appgoto.php?to=revokedkeye8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://curl.haxx.se/docs/copyright.htmlDVarFileInfo$e8a0d5af432b7e64DBD.exe, 0000000B.00000003.2061165544.00000000042C0000.00000004.00001000.00020000.00000000.sdmp, Bor32-update-flase.exe, 00000012.00000002.2138125089.000000006B296000.00000008.00000001.01000000.00000021.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.iobit.com/goto.php?id=likefb01_DBe8a0d5af432b7e64DBD.exe, 00000009.00000003.2045986235.0000000003D00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                  • 75% < No. of IPs
IP:154.82.113.139
Domain:unknown
Country:Seychelles
ASN:32708
ASN Name:ROOTNETWORKSUS
Malicious:true
                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                  Analysis ID:1581812
                                                                                                                                                                  Start date and time:2024-12-29 01:59:19 +01:00
                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                  Overall analysis duration:0h 14m 23s
                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                  Report type:full
                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                  Number of analysed new started processes analysed:21
                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                  Number of injected processes analysed:1
                                                                                                                                                                  Technologies:
                                                                                                                                                                  • HCA enabled
                                                                                                                                                                  • EGA enabled
                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                  Sample name:Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                  Original Sample Name:Installer eSPT Masa PPh versi 2.0~26022009.exe
                                                                                                                                                                  Detection:MAL
                                                                                                                                                                  Classification:mal84.rans.troj.spyw.evad.winEXE@23/435@0/1
                                                                                                                                                                  EGA Information:
                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                  HCA Information:
                                                                                                                                                                  • Successful, ratio: 65%
                                                                                                                                                                  • Number of executed functions: 98
                                                                                                                                                                  • Number of non-executed functions: 166
                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 2.16.168.102, 2.16.168.117, 4.245.163.56, 13.107.246.63
                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
20:00:12 | API Interceptor | 1x Sleep call for process: Installer eSPT Masa PPh versi 2.0#U007e26022009.exe modified
20:00:52 | API Interceptor | 1x Sleep call for process: Bor32-update-flase.exe modified
20:00:54 | API Interceptor | 513947x Sleep call for process: Haloonoroff.exe modified
                                                                                                                                                                  No context
                                                                                                                                                                  No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files (x86)\BtDDIFUEHLCR\7z.dll | ZwmyzMxFKL.exe | malicious | BlackMoon
C:\Program Files (x86)\BtDDIFUEHLCR\7z.dll | ZwmyzMxFKL.exe | malicious | BlackMoon
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):224977
                                                                                                                                                                      Entropy (8bit):6.7523363977510655
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:hQCR8JziAnrQnzMYywmn3h1sp7/WvCnIukR4BbxKigu/fgl1glfdjgBftJeCEEzK:9RuTQnzXtr7tbxKVuE1gQJeCEMx4T
                                                                                                                                                                      MD5:A357DD2A8550821786A607B95E4C5C51
                                                                                                                                                                      SHA1:E6C56182799AF5C0BF96C7C7F8174959D1F76674
                                                                                                                                                                      SHA-256:379D83EC7D029465B61AB5BC944BEB3B554D960A77F1B7F269AAA98B022D8B3F
                                                                                                                                                                      SHA-512:01271B6363025CF38527D98E98382678AE6C4E71B2B8A16871A88FEBE6FFE6699318795313E6ADC6E86561DE789316BB57CE180EC5E9C3D4C9F231E6CD68B746
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1390312
                                                                                                                                                                      Entropy (8bit):6.599443687044708
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:w4wwwwscgymwef8Z8Zzj6z1el68mUi1m/ONxdDDHNCU+3kvaBW7839l5Qafgb6L1:pwwwwscgymwefyEQ/U6/NnDDHNCTeaBf
                                                                                                                                                                      MD5:292575B19C7E7DB6F1DBC8E4D6FDFEDB
                                                                                                                                                                      SHA1:7DBCD6D0483ADB804ADE8B2D23748A3E69197A5B
                                                                                                                                                                      SHA-256:9036B502B65379D0FE2C3204D6954E2BB322427EDEEFAB85ECF8E98019CBC590
                                                                                                                                                                      SHA-512:D4AF90688D412BD497B8885E154EE428AF66119D62FAF73D90ADFFC3EEF086CF3A25B0380EC6FDC8A3D2F7C7048050EF57FCEA33229A615C5DCDA8B7022FA237
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Joe Sandbox View:
• Filename: ZwmyzMxFKL.exe, Detection: malicious
• Filename: ZwmyzMxFKL.exe, Detection: malicious
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):400480
                                                                                                                                                                      Entropy (8bit):6.6249170967240625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:ke/EYk6LSMAROeK3nzAPSayAj7+fyJHbVJMs/ubUQ3Q/p:MQ7DAvhpGs/8UQ3QB
                                                                                                                                                                      MD5:CC4F1CDFA6A90B6152B8012E8C035DFD
                                                                                                                                                                      SHA1:011098BADE1BD47557147B8CF3BAF4A070CB9D7C
                                                                                                                                                                      SHA-256:7B9FF465FA54E5EDF69F0794D7CAF7ADC6D7B20534E6DA0181DC93DC062E7CCA
                                                                                                                                                                      SHA-512:0084BADEBBAC672904BD7E19019C2D86B4745DEA26229CE82E48E0A5134DF3FA42B4948C673B17432BFE14F13A82B0BAFF3B5D861AA4AB3A951AF40793780CE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):427104
                                                                                                                                                                      Entropy (8bit):6.602064716561835
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:d54WjgpIW+m/CbqwcAjoZOtjEipBiRuL9JK:avGPJbtjEY2uL7K
                                                                                                                                                                      MD5:50B836C0E21FD4EF3F6F6102F9162FEA
                                                                                                                                                                      SHA1:704834D4BE32AD186FD761E908CC0518AC2A8117
                                                                                                                                                                      SHA-256:8CFC18609E75074EB0FBF3C87C1B41E263DE503083A7EBBB00643E0F05A2920E
                                                                                                                                                                      SHA-512:B2C220F954A38B7EBC44FA60454CD8322A21714F1E3D593F32B7C4865113157965E1C8C0821F60F1865270FCB2529EBF8CDD32F1DE44A7626C0D0DB304C72644
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):572512
                                                                                                                                                                      Entropy (8bit):6.263529853370218
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Azb0JSwmBU/no1rNW23dImf/D/cnlu41T3ork5d:AH0JSwmko1rNW23df/D/cnlhp3d5d
                                                                                                                                                                      MD5:984829AFB3ED76FABCAB8AE4BE1FF15C
                                                                                                                                                                      SHA1:2498F20AB62E3061FB144C7CEAE5CF254D6C7095
                                                                                                                                                                      SHA-256:F257E86E42D7546C37AEABDC7BF1D00BC09E7B26D9AF4478302FF2B872187C33
                                                                                                                                                                      SHA-512:5270AE482E8C462B5360DD60C06D8757BE5F7E513A0A7BF993F3F088A67516AAA0A744CDBD034828D3AAF5E6EADAF630317ACF325B03E028398C7EAC12A97B04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):572312
                                                                                                                                                                      Entropy (8bit):6.6114481461607175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:KmuYzDRB54CwW2U0lY4woeFuA0TpxVQ8Y3Ew+zBsPO3erF7q0zoCiJbDjdxzF5og:Ju+469PqNYsBsPTziDjLbCEGne9Z
                                                                                                                                                                      MD5:5CC95EA39AB6D7751A1A85F832CCA011
                                                                                                                                                                      SHA1:387B60FE4F257BA8A0F5DA566709640F972EAA3B
                                                                                                                                                                      SHA-256:4BF5DD0ED84D6C7B4965628A22668F733C167427B20A4B56AE356205381B527F
                                                                                                                                                                      SHA-512:6E28E6D3D1A6BF4FB046A7F03F68FE27F8A7151465412EA4126AD3DD2A9DC9C89238923E858C644892D72D318CF2112C4AE60DAE363CC5EC41DEF1663BFDD101
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: Mimikatz_Gen_Strings, Description: Detects Mimikatz by using some special strings, Source: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll, Author: Florian Roth
                                                                                                                                                                      • Rule: Mimikatz_Strings, Description: Detects Mimikatz strings, Source: C:\Program Files (x86)\BtDDIFUEHLCR\HackPatch.dll, Author: Florian Roth
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):249768
                                                                                                                                                                      Entropy (8bit):6.601810977306283
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:/0jvJ1SDHfvcFHDSU4/eebh4HT4dK62HPWA2F0T7z/LDdUjE2rRNq5N5EuXCRfC:/0jTSrMtceebhz32HPWnoBUw2/G5r
                                                                                                                                                                      MD5:2EA3ACA1D36D16F0699261F77EE6ECCE
                                                                                                                                                                      SHA1:31C6575F5EC4F48ED3939FD5484F4E3D5869D3DA
                                                                                                                                                                      SHA-256:12B2AAA9C7222B13E97A0870006CFC498134F7182009C49FAD0281A85D5CD386
                                                                                                                                                                      SHA-512:30057B3491807413603C5A4668D020A384548CE6F41BA9DE6C708C4BF052BE10113AE5AAF41697ACC2AB56E9674EE8DC4669584FA9F838A9359842038F82394E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):555240
                                                                                                                                                                      Entropy (8bit):6.523642703236138
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:RzJibra10t6DBAAxFhNngOsLOsZDvnCjN8d6HVilI5hKRPnQ0FbgB4e:CbzipngOsLOsZL38IKb4PQ0Fbje
                                                                                                                                                                      MD5:4B481EA28EC7B065AD6C7FE7674AA363
                                                                                                                                                                      SHA1:152FC3DA4A1DF717623E4D57476A1D72ADD7F610
                                                                                                                                                                      SHA-256:92AA7045E70E2BBB706DCD1A1D9B41026CFA06FEDF0E48EE0CAE63B8B80084F5
                                                                                                                                                                      SHA-512:08F8388322D3623F8DBC23DB60E0542B972754FEAB4071C0FC7382F9EBD54313A8A10E5EBAC9D72E5F4909B23A2FCB4114B44BCF47F3090B029DDEA27CFF21B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):180800
                                                                                                                                                                      Entropy (8bit):6.720835675786583
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:zQPGqss58Kg5dqBLQ8/90/qTQPOfb7+sH1buHv/c6R2Wmjgk4Kq2iSiTHa89B:zQPB4jqBLQ86qsPOf+8RuHXc6tmv4KqZ
                                                                                                                                                                      MD5:91D9E316BD0533C92BDE234131EC7AB4
                                                                                                                                                                      SHA1:86D1997382E3FE81AC27B88EFE33E1773D095518
                                                                                                                                                                      SHA-256:62BAAD0A128B580889091F015384410BD491F21BB101682557B034ACB28E00D9
                                                                                                                                                                      SHA-512:BDD41A900EB1299815CA24FD78EE5499F20C78C5E62CAF11934A5348836C557AB402DF1D75B4932AA6E322562C8CDEBB120FC74137ED9D693AE6719C44C5718F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):219200
                                                                                                                                                                      Entropy (8bit):6.255426513524174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:n7pWDP71+xRSkTt9XFD6RAtofSUAfohtDanx51K6flyT9S9:1WDP71+xR7h9XFBtofStomfK69e9S9
                                                                                                                                                                      MD5:C64D91E0734622D550F578CAC023FE9B
                                                                                                                                                                      SHA1:9B5F47305F02ED862BE6A8E6F6D48647F9311E84
                                                                                                                                                                      SHA-256:9AA97B67D074D85CAFB29A0A561DFAA2416A283FC8A228B6904D63D16C8C463B
                                                                                                                                                                      SHA-512:FD419DE7FBC7C0B9F33CD340E2DEF67849DF628799FC0507DFEB6F77DD8681232B81216D082155278EC7D158E99FB480EEAC884A8962F410321F91A89D500CBD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175728
                                                                                                                                                                      Entropy (8bit):6.544553321577818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:ix5UgqxBe84iqhlPyKc4pquYWWM1qOrlhPzc8ylmyK5WodzzDi:i4pgbzTYWRZHrc9lNQzq
                                                                                                                                                                      MD5:B8FDC03B9B84A62C5C541524DCA2E723
                                                                                                                                                                      SHA1:5643ADAE63CA199F9C44A35F3B30947A0F8B6D21
                                                                                                                                                                      SHA-256:1F6F3DADCC4C3096EEBFB5CE5DB979755ABA5CEB9DB18E6CA6238F05B45E5F4D
                                                                                                                                                                      SHA-512:A31708C251967D484F242BE658E92E94D87671294CD2C959276EC3B739D46F3FC7D1140CC8F78640DBD9970EC2176633E67DD079A3182ACDCE0FA8A7DE366637
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):313952
                                                                                                                                                                      Entropy (8bit):4.32348576044483
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:7cxIVD6kUS+hV/EENZH3JzJPlZ4k5O0f+BC9vCfFL:ooehV/pJzJPHM
                                                                                                                                                                      MD5:A88A6FFF171F7FECF8668DA1EFC843DF
                                                                                                                                                                      SHA1:E4C8B375BBECF5790B2B0444B049CCE11659D598
                                                                                                                                                                      SHA-256:34CCCEC093F5711D1202F54BFE8756E093E4F84099EC7D609AB9658C3C941921
                                                                                                                                                                      SHA-512:808F6E217F5E157663E66B46429636C4D811ACA7C5672EDD1B003377BB4A039265B4FB905B4ADE39D81B3E64E7793BE8278454155E8BD2EE92FB5B6F919563EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):362400
                                                                                                                                                                      Entropy (8bit):4.208790369342181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:ZGlYJdSi2t2SwbVGMuyic94uxJmXs/wIb8n9ssWy5cdJEnpOwD7A51B8BLRPrB:0lYXSi2ttqWc/PYOy5cQnpOS51
                                                                                                                                                                      MD5:3D01B2B5288974E922B6417FD3B02373
                                                                                                                                                                      SHA1:5649D3E7E15D1BF707CD7C28FE9931E5620EE9ED
                                                                                                                                                                      SHA-256:B438EF547753F91577730FFE9321563E7DD4ABBCBF056ADEE3C49906FC1EABD4
                                                                                                                                                                      SHA-512:F0C0EEBA22F33A4C596FF1272D681E7A349AB60112FD0AF5C75E07F065F35525C332270DE0ECC171D0B4BF53C3BC79C4E40BAD0EF1A0418A2D5DE882765D2FEC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):647184
                                                                                                                                                                      Entropy (8bit):6.591959886632138
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):921160
                                                                                                                                                                      Entropy (8bit):6.7626587126151065
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):451480
                                                                                                                                                                      Entropy (8bit):6.641728581015286
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):337736
                                                                                                                                                                      Entropy (8bit):6.495942481063909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):499432
                                                                                                                                                                      Entropy (8bit):6.633998530829339
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):343784
                                                                                                                                                                      Entropy (8bit):6.490658338748216
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):533600
                                                                                                                                                                      Entropy (8bit):6.567835943059589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):247016
                                                                                                                                                                      Entropy (8bit):6.914297747665078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):290024
                                                                                                                                                                      Entropy (8bit):6.537709606383622
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:AhEzpelia8VSPgFmHKbDNATfCfzWNunIj1EpJRGOZwFVG0SJK:AhSpelaSPXMmLC7W4iOZYG0n
                                                                                                                                                                      MD5:0F15D28EB4CCD9DADFEC0305BF5F8E2A
                                                                                                                                                                      SHA1:04DE9FA6736978FDEFA031082C58FFCD0169861D
                                                                                                                                                                      SHA-256:F06872A9A6A6AFB4FEA670385694EA364F271705FB89B09E4390E95752A98F25
                                                                                                                                                                      SHA-512:955B8C3F383C66B4249510A20890C856994F2F4E9FA40C374B472B9E19AC2441A86BE67249F13E1F624AAF2F03D0F6A73F69A0E3D73178F2FC39843382D1041E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):160584
                                                                                                                                                                      Entropy (8bit):6.648758970829866
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:ABDE5pe7xyshJiszc1TLQXDNxLYeW54C:Aip4ysYTLcXP
                                                                                                                                                                      MD5:EFEBB6F93832D5A7EEF3BD4EB81D4A79
                                                                                                                                                                      SHA1:9A75E55A08422E7B6A7D695EBB0F61589B31005C
                                                                                                                                                                      SHA-256:542928806DE9A653C52250A0AB3D7847EF9249C195C00B82E5BDEB066AE6D2DF
                                                                                                                                                                      SHA-512:D9F276F0556539739289585B55482034BDF99F0C18917720F1AB84B870DDA3E303792CD4DF85183155BFFF8DA174EFBE8A74506197B268D632BA6916AF00E521
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):549488
                                                                                                                                                                      Entropy (8bit):6.736896619735914
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:XLgRCEprkKZlVgTndpHpTVWDQZNrHIGUYmHASzK8BnWToS09:7gAEprcnLVADQbzIGHmxK+WTO
                                                                                                                                                                      MD5:14274CF241144895CA05CD456197F573
                                                                                                                                                                      SHA1:4D4009B0A2F7BA56C6C98DC823C41085EF4712C7
                                                                                                                                                                      SHA-256:113562BF950B39E9466E8F646C84AAA93F6B2C89530F56913B0B36E0096239A0
                                                                                                                                                                      SHA-512:5A8009D935EB59B10523494C6C9D0A79FD29B0FA41CBA046E9CCC60A8D2EBA05CCC23D881E121A4526371E21B7C9DB6CC62783E1A5ACAD019705970C9F52091E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:MS-DOS executable PE32+ executable (DLL) (native) x86-64, for MS Windows, MZ for MS-DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):42976
                                                                                                                                                                      Entropy (8bit):6.2171815555231875
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:iHfqCaczo/ZinYCOd9L9KyhaM7JubDGpZRKjKj9MPgkU7:8fqT/ZWY/L9l7JheMJ
                                                                                                                                                                      MD5:671F95CAB2B5CF121125413F250F5275
                                                                                                                                                                      SHA1:73D99D09A3D8978A5C6DB43CEC85FB43B03B7A26
                                                                                                                                                                      SHA-256:728A1FCDEDCA6DBD8FDDDE3F33CD64DD99853C26EF5B10D3FEF0D76D0480964B
                                                                                                                                                                      SHA-512:4AF690AF838CEB026636931AEDE3852EAE6D83881149EF4C28CC1DD032C3F7F6A64B30171C2524512FACD40496DAB305523D20637B44EFBF0D5805D0FAD1FFCB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):253456
                                                                                                                                                                      Entropy (8bit):6.554744612110189
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:OpoEWHpLJeJ8MvIucm/334RStKp7Tu975:vEsLJeJ8MvPcm/30u975
                                                                                                                                                                      MD5:637FB39583F9C2EC81E0557970CD71AD
                                                                                                                                                                      SHA1:ADA1137BB47DF62F48407ACC2DC713D92D13A0E0
                                                                                                                                                                      SHA-256:330B8EC664949CB9DE5BCCE5AC248148B58DCFEED69ACD8D9CB576AAA935045E
                                                                                                                                                                      SHA-512:F72C77D29C51CC6AC1151C919C769BF063E5BAE763033B9BF5BC713E01416ECB301A120B22A17037310E47662EA916A06AA09BB441DBDEE4032A6D59A0876ECC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):662920
                                                                                                                                                                      Entropy (8bit):6.526894314465185
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:+huSCyAZQUpHByI4ur32KWVyTHrpGUCiAqfoHD2AvdLnaSZCzm3slIalDoH7+F+2:+huSCySQUpHBl4uqKW2Hr9otZCCAlUHa
                                                                                                                                                                      MD5:C3EA1FBF2B856FC25E5348C35FF51DD9
                                                                                                                                                                      SHA1:87D8FDFDD52FA3BD59FDC7BB1E378091D0D91C16
                                                                                                                                                                      SHA-256:6F24B8CA595B4B472320C7A104C64AAD6F0928AD4F1318D1DCFBB0C5BD488A64
                                                                                                                                                                      SHA-512:298CE88D37E0496CDF6DADCD7D8890128B90113161311D67ED264B003D5840460FE594B8550FA46E45AF88564E4095C21B748CA3D2B497540ABEB0CAF5533820
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):177
                                                                                                                                                                      Entropy (8bit):5.199674938155793
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:FCxn9go7vcgtHqYcn307C3bKptbwNjGbttcSz3j9BfMkwetdQQqi5xQn:FCgYxtckm3byJwNittR9wgCQPxQn
                                                                                                                                                                      MD5:79D59988C12F0214DCA8BE424A94A91A
                                                                                                                                                                      SHA1:9C88792C8B94767093346F590CDC9C103AF6B4C2
                                                                                                                                                                      SHA-256:D3C151941A923BFBC7E686AECB5648461E8FA1516F93602B7AFF48F2318040D3
                                                                                                                                                                      SHA-512:A4D2F2E6407DE534D26911D540CCE8CF198D29A464CA9ABEB6451A9FA745C47307DF71A9C772E2D60663C4D5B0EABB9713DE794BF923B6153A0AAD3F76893FAD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[XLY]..P2=TLGCBXAGVFLQ.KBI..P5=JHKQFETWJKTIHLLBOKO..P4=TMGJRLDUDWLQ.FCU..P7=PXOEWCVFPIJPLHQSQSX..P3=SUGIPFIMNRQE.TMA..P6=MNHWOTMLOHTPVRFXPCH..P0=DAN127..P1=e8a0d5af432b7e64DBD..
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):849224
                                                                                                                                                                      Entropy (8bit):6.7893930691706075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:V/Fiea85oMvk6SqMNH/U6beovEYNVXWTwROJTQ9wC1N4Lx09GpVuQ:VAF85oAk6lMNfU6beXwROJTQSC4l0KuQ
                                                                                                                                                                      MD5:AA4E9E8A1B0B7C4126451814701A449F
                                                                                                                                                                      SHA1:7D988C453283C345E17422FC4B2B6CCFD8200245
                                                                                                                                                                      SHA-256:6CA0ABCD77232A5CBADE520596CAB305012ED72315C09CB5A30C3C1E96367F98
                                                                                                                                                                      SHA-512:0738DFDE9EC2B1E23B88FDA344CFBA443705A3AD87F22629676118DF555BD395D1737066EFCC4257B8138A0D282491CBD30F36D1880CA640E7D463855C0AD63C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4838513
                                                                                                                                                                      Entropy (8bit):7.999961065475255
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:PgbEEFSvDacXxd7ApaC/FgEQC0kqIZ27XUGCmTdpdHFHr8V:PgXjcXxxApJyEQDbIZ27XUhmBTHQ
                                                                                                                                                                      MD5:EEF97F5CF47A715367D8F933BDDCDF61
                                                                                                                                                                      SHA1:3F1119620BB8DF7963C59C1ECD7EAA485CFC72FE
                                                                                                                                                                      SHA-256:E2F5E8EB95FAC989DAE56CEF4C737F53F5E1747EE372BE9EBDCE544153A4E373
                                                                                                                                                                      SHA-512:AD50B7B6C48A2DF4167B6794C569861F0F20FE8BDB00D1B0A19B9DA22C4E9A18CC0B3F7EDE976FA9D06D29E549288A28976C788FBD6798A7B8B65835912BE40B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11899681
                                                                                                                                                                      Entropy (8bit):7.999984125155647
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:196608:A8PLUvOmYVTAsqbS0A9hZZZoTeKJpKkfBEzkos6+ZgVcB+K6tObk87MDuPAEbqkR:JY2xRAXA9bQnfBEOB+mHkIMzEb9nxrpB
                                                                                                                                                                      MD5:E62839794DC4F960FE030473508B9947
                                                                                                                                                                      SHA1:08FF9926F663196AA48E3BE3D32E82A69567C76F
                                                                                                                                                                      SHA-256:5EF198566190D4E09ECF227E07061937D70C743B8C56BA1A94BCFEBD1CD86908
                                                                                                                                                                      SHA-512:29F9C7A5979AEE600573AA2DC1C3E9DB7CCB1A0D73E84ABDDEACCA151A664B1B692A9DF432B3CDF7DB7857BF43F47121769CBB44F7A2D981F86B34A270718E97
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):204
                                                                                                                                                                      Entropy (8bit):6.465184095835458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:HOIqt/N0Xfe3uK+tCSqszI1cqLq7ShUictiYAj7w1H+C/KkCVQw8H32buSljT6Lg:ulIXG3SzI1NlUi2I7wNl/CKw57vOEL
                                                                                                                                                                      MD5:67ED0A69C67F49788D8BD2EE4FC4324E
                                                                                                                                                                      SHA1:A96C13719FAEA1240F4C3BBA1781885CDC9F3EA9
                                                                                                                                                                      SHA-256:193902E9A4501C2D29F21AEA391D438EEA68B628DE4DB05A95D3F8DB318218BC
                                                                                                                                                                      SHA-512:CC9D799962F58CEA8F39788F1F82845CA6F96D43DD75C113B9EE77B7852B98F3A68799948E1172074A1CF30F9A45D526C61EA1FFA7B799D82C80C8DE1034E6A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):719
                                                                                                                                                                      Entropy (8bit):7.594213020193219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:+fVs8d7Z0cAY4pls/2+o8zE9yQwLhESu+mG/2LtLO9y7X3kiv/KVoA0MM:GsmgY4plE218HLGSiVLcu36ozMM
                                                                                                                                                                      MD5:3F18FAA73084F2BFAFBA4ADCC071715A
                                                                                                                                                                      SHA1:CB3D7999DC729071FFAFC99D7FE7985973785AFF
                                                                                                                                                                      SHA-256:C8367EA78CE0BC182F4B1399EC1A530E7D058951D953D63AB4B649D8EF629654
                                                                                                                                                                      SHA-512:B4C69DC843FB8218878C4C6FB3CA4B9C41CD8A6E78EE985094B5ABCDF93B777650056D773531A44F02B4FEF2B621E82C38F5D7B4F9FBA182C6F400DE7D89A83F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):710888
                                                                                                                                                                      Entropy (8bit):6.630506217753264
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:5n9CCUQ0bGwLt1n/iswKJLUY2XOrEO/6awL7wU0s6OzeoXHhS6ckqIbpieFGrh1l:7+tLt1aNYrfBB6BAqZkyQgJ0VL
                                                                                                                                                                      MD5:C4A08B391245561157AEFD0FE7C40A11
                                                                                                                                                                      SHA1:28D15D43A1BDEBC83701AFD89E6EA9C24F90DB33
                                                                                                                                                                      SHA-256:53D7C8F2FD109E85FC9302B7424875BAD22A148D6EDC6C7FD8E4589E97259BFA
                                                                                                                                                                      SHA-512:24C7608346B76694BF9D8227FF6A794B26D73C0DA93FD231A2331CD371ACC86F293FB9093850F5513DFBE1D269114A56F47DCADBA11BD98C691AB38472A6CCC6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54272
                                                                                                                                                                      Entropy (8bit):5.9384613835931574
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:84fiYqzFjnHIF7NeXNW/bZKn8ei7DAks8EA8sZeuFZjjDQWLFb:1fi9ToRNedW/bj7DiJA8sZeu3EWLFb
                                                                                                                                                                      MD5:59B142B38CFB0CE17D78B9D675E39496
                                                                                                                                                                      SHA1:0038255330C145BA84B9BEB847B992D885B7360C
                                                                                                                                                                      SHA-256:07F115D147FA617BCB46CDE33C50E95B6792B8309E6D9B81F8124979FCEC3E59
                                                                                                                                                                      SHA-512:3B65B4292EB7CFB657648A16784B0B01E2771D618C083761340158293AB1D56547A81A4EA0E6163CDF9614C97D80F88993958AB37BEB8C28A6B710A09B70864E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1390312
                                                                                                                                                                      Entropy (8bit):6.599443687044707
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:znhMjKSFXpFEzq7zZvjyswjzYnOAjPSy36c9RCvirRMNJbd3g:jhMt/nVo2O56tibxg
                                                                                                                                                                      MD5:C77EE913C46510A705A9DDDD91DE8302
                                                                                                                                                                      SHA1:CB5E045FA27186B9F23E4919590387478B9343D5
                                                                                                                                                                      SHA-256:092689651DB7B81A6816B1F78F8CF81476945D493E9566762F5791ADFC5BDA31
                                                                                                                                                                      SHA-512:A6C080D04C92EFBF8A1A4A1D1423837B1282E4CFC0E77D9DA4BC9F78E235AA6CD8AE3468B588FD9D35BA656A7A1B27AAE805662EB6C84B053D0149855F4A6514
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):710888
                                                                                                                                                                      Entropy (8bit):6.630506217753263
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:6BMGnPEAEuRNz2HuiEJe0z6h5KEuEVv4D1wEM50+OD2evinKqcQUuWnI8:6BMGnPEAEyXiEw0xXD2evincvFnn
                                                                                                                                                                      MD5:FAE7D0A530279838C8A5731B086A081B
                                                                                                                                                                      SHA1:6EE61EA6E44BC43A9ED78B0D92F0DBE2C91FC48B
                                                                                                                                                                      SHA-256:EEA393BC31AE7A7DA3DBA99A60D8C3FFCCBC5B9063CC2A70111DE5A6C7113439
                                                                                                                                                                      SHA-512:E75C8592137EDD3B74B6D8388A446D5D2739559B707C9F3DB0C78E5C30312F9FCCD9BBB727B7334114E8EDCBB2418BDC3B4C00A3A634AF339C9D4156C47314B4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175328
                                                                                                                                                                      Entropy (8bit):6.879935553739908
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:jnrQnzMYywmn3h1sp7/WvCnIukR4BbxKigu/fgl1glfdjgBftJeCEEzx4N7mcr5:XQnzXtr7tbxKVuE1gQJeCEMx4p
                                                                                                                                                                      MD5:BE4ED0D3AA0B2573927A046620106B13
                                                                                                                                                                      SHA1:0B81544CD5E66A36D90A033F60A0ECE1CD3506A8
                                                                                                                                                                      SHA-256:79BF3258E03FD1ACB395DC184FBE5496DFA4B3D6A3F9F4598C5DF13422CC600D
                                                                                                                                                                      SHA-512:BD4E0447C47EEA3D457B4C0E8264C1A315EE796CF29E721E9E6B7AB396802E3CCC633488F8BEEB8D2CF42A300367F76DEDDA74174C0B687FB8A328D197132753
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):618728
                                                                                                                                                                      Entropy (8bit):6.588792056328895
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):147176
                                                                                                                                                                      Entropy (8bit):6.792908985087195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):174824
                                                                                                                                                                      Entropy (8bit):6.422260069407969
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):559000
                                                                                                                                                                      Entropy (8bit):6.789431209891293
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49480
                                                                                                                                                                      Entropy (8bit):6.739956450503979
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):383720
                                                                                                                                                                      Entropy (8bit):6.579374990134974
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):406248
                                                                                                                                                                      Entropy (8bit):6.190903413261375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):887648
                                                                                                                                                                      Entropy (8bit):6.72536750906441
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1001320
                                                                                                                                                                      Entropy (8bit):6.375963793592453
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:DaG9UYtX8J3EfBCMwM9E4jRcoI237MSW7/HTdPSYPJBhnHRxd/c:Dx9UdYRwM9EWI23wSWHdPTJB5dE
                                                                                                                                                                      MD5:074CFA8CC35DC642A2B95CC96CE5357C
                                                                                                                                                                      SHA1:CEE218C914D530BE6C9BB9531E78F2137224D5A8
                                                                                                                                                                      SHA-256:4DE592C87C443780B5D475414196B3C5406ACEC8809EA65AF45A50E7E43462A5
                                                                                                                                                                      SHA-512:EF776EB824F4C3152A380B3EC2858A11A96E48711C213AF905FE2B0A972F9CB4A7D83B4B96848DB0B478AF4D19623CB8AC0E5F8FC47007B39E0F16FC2E5FC851
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):247528
                                                                                                                                                                      Entropy (8bit):6.604794755347589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:2Y77YOcw6BdKQYuVXsZy54tgQCkW30W9ezJQ4mRan5kiINyyT7PK0AMZcan5aj9b:n7YiJEIy54gFogRa0Nl/N1Sjl5yxAl
                                                                                                                                                                      MD5:9B05B1F0E62DD100D385807262B84A90
                                                                                                                                                                      SHA1:631449787D7532A855CB061E333C0712AC20E753
                                                                                                                                                                      SHA-256:6BC0133A16C7F058E5C0B6027929DB1145D37717118DBCF24013FA4F2D79E848
                                                                                                                                                                      SHA-512:9F43A542B38D998038D20467BB797CF789A36666F4B8154A548FD6E7BA24A20256C9A0BAB64CD43CB12BEBF704A524FE35F9652FA399237A3F0AFB3BF8670676
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):705768
                                                                                                                                                                      Entropy (8bit):6.685295160437571
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:S/20NCvMDhBsqLeIQA2BcMNcYB1mF5Q3LNOsbwbekwCYgLECHqa7XWpbt9o9TehK:e2KC6hBs6f2Bcm65sO8wACHqaTQJe9Tn
                                                                                                                                                                      MD5:8B632FD2D4EA70470AF97CD5E88F74D7
                                                                                                                                                                      SHA1:9E384D37EB586E9B187F4FFF89C2F104A7921F44
                                                                                                                                                                      SHA-256:AFCBB8BCE2E5C8C5E9AA851941E626A62573E6054EC75C14066AD37726BB9DB6
                                                                                                                                                                      SHA-512:5F7EA2BF6599AA9E0C44C2820F89DF0827EEBD8A037C9DF2AF516D9865BBEEAF31CAC89AF7214A59BD4B25F2BF7EB94E257AA2766F1D12892E1C34E78776F5E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):202472
                                                                                                                                                                      Entropy (8bit):6.660474984647205
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:jLH6l5IoUzqiNVwzQyaT0NQgepguwz+uQJOAg0FubAIrnXrsFCAsKIP0a:SluoK7QiToQdeAOpLAFCtKha
                                                                                                                                                                      MD5:0EA1C58DEDF685A4A1EEB1C7BD1C972D
                                                                                                                                                                      SHA1:66CA439A737A35FC936D2C8F990AD3538D9F2CDC
                                                                                                                                                                      SHA-256:41780A7339545676A2D587CD5BCEA9181E6FAAF3EC73C5006D7D76B47B98A6F2
                                                                                                                                                                      SHA-512:D16B0A12EE38399C4B05F38E0CCCAFA6BD4984C353AF845337F3E5E8D64AAF3D9B1561E423C5CA59D2652EB083E92FB8832168989B34F11465AD581A39739BA7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):247528
                                                                                                                                                                      Entropy (8bit):6.255611405833788
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:MzlHNKfmGZoRwaQDy4ikigoh7Chpq8eFiybV:6tp9QD7ihgohCQFh
                                                                                                                                                                      MD5:9380B590C9BE993F3F253469D0933765
                                                                                                                                                                      SHA1:0DF57C8EA3D19DCEE142F03D0D6FF4DA7EE5BCCA
                                                                                                                                                                      SHA-256:CB8BE7A72561A379B122AB70CAE681840009CE71C9C50B819B2B9E8CCC7A5B73
                                                                                                                                                                      SHA-512:2277F388E10D8D579203F7546C30DD314C4BA0AEAC0CFBDBB7F393FBFE54F7ED60FBEDB31E524275112D9E1BDB9F5CB24AC02259ABBC096A81E8CE2D32B87F6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):705504
                                                                                                                                                                      Entropy (8bit):6.635093248285898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:GngcmdomAFsBeQsv5REGqRXkgVP73MfsPF9vyt2nSyv9K:fLAFKsv5ROkgVAfsPTyEnD9K
                                                                                                                                                                      MD5:C40E8A502AF91ACA96B85AB36CBE818B
                                                                                                                                                                      SHA1:004141E75604502E2EA30C5760008368C36850D8
                                                                                                                                                                      SHA-256:A10966CC2785845DC296D90EF9C97ABA865BD06DF1A8A7006A7EE53EBD2152FB
                                                                                                                                                                      SHA-512:219630292A8CF70311F06DC1F3A99BA948E7E7BBAB937B0F5B928121838B79FE851B70650BFFD07A4F36A22E2A7B34DE4461D8F4C97FC1322026CA2C5C2E31EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):966376
                                                                                                                                                                      Entropy (8bit):6.564045153487216
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:3lzYxkj819KdVtUSPczJfKbM1aIjvI7BxwwuDFkrwtFkUHUZ0sIPbtYUkXAJfTSH:1zge8XKdVtUSPczJfKbM1aIjvI7BxwwH
                                                                                                                                                                      MD5:A9FF3D29AF8CCA5D3C90F17709EB0548
                                                                                                                                                                      SHA1:7F4B69366BA3BBB7BF08206FEA672C807CC2B562
                                                                                                                                                                      SHA-256:45E8B5F32CDE9201278500DF961133AD26AD60C531FCFD77D3D26FEFF105FFD0
                                                                                                                                                                      SHA-512:F043D1599D57B1E86D97CA1E81CF81FF0B3C97B95F1134ABF6DEEAC615F37645A825363315F5FB2139286BB5AEF5FA26C375E829AEC897C27CEA30199310123C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):871144
                                                                                                                                                                      Entropy (8bit):6.407442398411684
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:hgjR9MABH2uK50bPcjV/3WU020ZQA8NM/rmn:ghB1W3WUVeC
                                                                                                                                                                      MD5:9A88DC21D3AC42ECA184F37297387BDF
                                                                                                                                                                      SHA1:2F82552EF8F4B6A10356441CD158F1A0C5905913
                                                                                                                                                                      SHA-256:466DF96D59B878EC6775ECC4D497B71CCD73CB11FBB2C2B23575EFE055BFFB75
                                                                                                                                                                      SHA-512:1136D371771A71D329910ED9BDBF8243F74AD19FCE75F9A8712BC1E1E53EA3EF3722D4E067AB5567366D40D2637AF7E119E7E31734DDB57BCEE126CFE932C37B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):927976
                                                                                                                                                                      Entropy (8bit):5.917840435230856
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Syp5QtiR2fVE00WKL+YD5ndNpKrtvKXVsFpJppn72z+T73P+2QHkgFrGCZK:1POE00WKd5ndNpKrtClsFXnhT7ZAkgxO
                                                                                                                                                                      MD5:158D719030DBD08384235B165FC211CF
                                                                                                                                                                      SHA1:A8161B15C0BC6576829DA4BC0732794B0AB2E37C
                                                                                                                                                                      SHA-256:BC33C91BE3D31557B16F2B91B90DE96580C3CD2510E3C3D3B77E3D4CC8DBB0B4
                                                                                                                                                                      SHA-512:383E551FFC50D17E9A5B466E996614B5AF35BEB48A72A47CB7D5A35B68D68906E5ABADDAEABD439AA214BE28E7A27FBCA3872537D65D33CA64A53B513A924EDB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):575720
                                                                                                                                                                      Entropy (8bit):6.4118078561661545
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:FoblSYniV7pA1yJVyfI1+RZSihzvjZh2Tx4UTFAzmp4ZZPy1KlU1E:sfI1+RZSiz2VlTF+XHlU1E
                                                                                                                                                                      MD5:82DE25B17C3B9D6BB253B6BE7AD2FEA1
                                                                                                                                                                      SHA1:6F6BCF23753F161D4DE444978C3EBC003D361B2D
                                                                                                                                                                      SHA-256:165FC9F929853B4AE8603BB0C7807456B99871A7C8E9078F95D954C466A7172D
                                                                                                                                                                      SHA-512:71EA0FE18F1EBDA98067460E6661FC108E7116E71651B0D05FB8365BDA92E1DBF02B89D20DF6B47C7557AC52877ED8EE503373164079C0F5C62EBF16439867C4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):682216
                                                                                                                                                                      Entropy (8bit):6.095070464124169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:rhqnA1JpofoqtokijtH2OMoVTP94CCIKGJToFTz/goFZKk:VqnALpPqXq92bEx4CCIKGJToFTz/gox
                                                                                                                                                                      MD5:3D7564C3B97E0DCC859CE8FAE51BF196
                                                                                                                                                                      SHA1:F6588DAA615A45E375AB4CD8153A3D9BBDC476C6
                                                                                                                                                                      SHA-256:73D11EF506C2282DBD45C4758F6C6B1352C596B1EC684BEF30778965D0774F1B
                                                                                                                                                                      SHA-512:C6021111CA8F0B8BBD111F85397C0F91DD2423B9168711296B484190CF5C43CABE6215AFE4533881F0F285FBB201D4974D7343E92F33681B1983BB1770110246
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):628184
                                                                                                                                                                      Entropy (8bit):6.631864802737484
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Q9tUcJqS8DI9baOCmIJkPI9VYxPmb3pJ3xW2orMvM79G:GWKqS4OjlPUkmrpzWdSM79G
                                                                                                                                                                      MD5:BFF0CE8D5C44994EF19F63D63CC29EEB
                                                                                                                                                                      SHA1:B2837190927EE952721DBD5127C426D28FED9230
                                                                                                                                                                      SHA-256:08C6DDD72CD481672476625BAB435993F2F0C85F835B0313C593F46C49DE6781
                                                                                                                                                                      SHA-512:F527BB56DA57CA6BACDBA7871D65E48CA6ADEFE7F61240D766A6881C301B63C60063A09FA73E8BC64F40A01AD038B446B660A8ABC7719B84F1C6FE3654551420
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):117064
                                                                                                                                                                      Entropy (8bit):6.436398487030181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:pxNcrXn306zvccqtaGYvPCa/I7206aawWKxocUoiZw+BpQR9oLMm:pXcD30gccqtanCM0Wwiw+BpQR9oL
                                                                                                                                                                      MD5:80907BE35290D47A8C6DF50A0B44DECF
                                                                                                                                                                      SHA1:DBDDA59DD78716AD28FD37BF2619FC183D27CAE0
                                                                                                                                                                      SHA-256:4C4853E4F3990FFD0B3D6EB1436A885559564C1065C26490B777EC9D3586A5C4
                                                                                                                                                                      SHA-512:09D05C3133569548F4F231F0E06F6F29D57195C927B908F973CB05ABDE6214CA1E07399CB32EA5EC02635D81409B2A8F8F6BDA21F6B51B2A02115C2DF95B3B88
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):171592
                                                                                                                                                                      Entropy (8bit):6.633100643329799
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:2g5d8g4gNv+wAGzpjdNwCR5t9Owr5HQ6UnsaP5YCnF+wFxDA:xDRpSs5t0u5wbfQ6E
                                                                                                                                                                      MD5:FF07224F63F62ECC5C6F2DED09DEB0AF
                                                                                                                                                                      SHA1:D3ADF969B20A3E42032E60A87DBD69834A748C1A
                                                                                                                                                                      SHA-256:A9F37F82413889A66F7063991F5C2E6DBA05A35A245891039204A478DE318357
                                                                                                                                                                      SHA-512:92B763A682C9F479F539AA945F245940351983EC04829FB6D614BB7ABCADE60E2205244C583F63547CF83F4819503529FF01411E08C9CBA26972222D2520AA4D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):243944
                                                                                                                                                                      Entropy (8bit):6.56760832272308
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:YdtvVq01U5wXzfoUEwDTw3lCovmHDBYOfdv2xJ82wEdl/NPgqddBumr5365mwkq/:yNI0O4awI3AYqYEv2QIdZTJJYD1Y1a
                                                                                                                                                                      MD5:FA85435627D31663BECB82EFFDFBE2BB
                                                                                                                                                                      SHA1:C3D9EEA92EF90E652F500A1F900DA4E20A010C2A
                                                                                                                                                                      SHA-256:7E0343BC0108526442E8B3FE7E538272FA6240E425BD8F318924573B59BD9DFB
                                                                                                                                                                      SHA-512:7DA0E76E88D8E78D23E7E6BE0A184BF52DF5032113DFEBE087C3463AD990BE38CD4FD34586CCD367B381AE749F16E04573CF91E4B3D7A235A865D175FAACBDA8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):404296
                                                                                                                                                                      Entropy (8bit):6.509440609680588
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:iwa9e5G4aES0Qux3nNj43ziT7U2mSBzRD44shPBTLaqqDL6UbwHUu:Y9exL3u0U2pBzm4sxBTrqn6Unu
                                                                                                                                                                      MD5:630AE5740C702AF919BAED414DE8CFE3
                                                                                                                                                                      SHA1:26A50EFF049B2DBC24BE11411032172E82B37B04
                                                                                                                                                                      SHA-256:C3F08B4843DAF466148EE99DBD0D300B2A92BB695FCDE001E288189A3582300E
                                                                                                                                                                      SHA-512:A714A6F13CE33D8EC31772F180F611C491110D438019D4FCD88F2EB114B41FBD28878B8B9C6BA723D892405DC825917EF1D4868FFB66069ABE49E5AF286F491F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (DLL) (native) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60896
                                                                                                                                                                      Entropy (8bit):6.847633229504993
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:NnCuEmXB5UMI3nhKrbZCWg/0/NC8hUDVsa0T1zj9KyhaMQNDG0uKjKj9MPgkz:N7Rx5Ulll8/H+x0T1zj9lHeMy
                                                                                                                                                                      MD5:690612154E7E5233AA980016CEAEDEDD
                                                                                                                                                                      SHA1:9B16E2F3D799EA506AA6A8F53FA4DEB36D73F5D4
                                                                                                                                                                      SHA-256:FFB81D34A14B5837AC713657F7892E790F85564BC2BA792025B0F9E9E0959AD7
                                                                                                                                                                      SHA-512:1F93AF0CA40DB562F7ECDBF19A0D899044BCF1F181B03E57E6B6F2C72F532652798023612BE9DEFE6261D631D10898D30ADB28EEFF922B72734B4DB27189C210
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):171848
                                                                                                                                                                      Entropy (8bit):6.451554967739461
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:NQbFXbsJHCPNUzpNd0hq6pPyNVD/fAudYMi429OYHUMu73zE55C8f:atWpnztVLffdYLN8YHa7w
                                                                                                                                                                      MD5:9828C8A355EA0F393260D6E3F7D511E5
                                                                                                                                                                      SHA1:DC587D4215DC083A35E4BBEE095FB3FB07A73C33
                                                                                                                                                                      SHA-256:B0D6D85D02E7650E03AB9AD04E90341EF6F5421DDC2AAA7AE65692944C298671
                                                                                                                                                                      SHA-512:178D1AF5ABB116762C37714F2C142DB02BE9AF8B0C9BCD4948DE122583A9C815E1AB1F709E3167A096947CCCCD6ABEDC4BAB7ED405D207F097BD35640926205A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):304640
                                                                                                                                                                      Entropy (8bit):6.443933218835315
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:1AXDdMpEeHyH/D1kApvwp+ZniFARcRdhAGXPR:1Az6WeHyfDOAdwp+doARcRdh5Z
                                                                                                                                                                      MD5:BB752561CE0859324FF01369BA8D25CC
                                                                                                                                                                      SHA1:8C42AA1FF9060E58CFFD0EE9997DF134FB3E8739
                                                                                                                                                                      SHA-256:A243D55655789EF26972546B7DC9723953564F52AE1C46087CCC2DB96F5B8D83
                                                                                                                                                                      SHA-512:0C493C6868F4E2D90E3FCD6B71116769F2FA2F61740BCB9671B1DEEFC4628BE05E4441CA2008F6AD3F72BAE7C14028A7565CC2FBE68478E620F3CF9418357182
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):138056
                                                                                                                                                                      Entropy (8bit):6.637936005523512
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:LKDfRbUTKLoDy1wSSH/2Lq62enAhXx2+EKI:KJITHu1wZf2Lq62UAh6
                                                                                                                                                                      MD5:F62317FC61CA698D45A54C0F7A8A78B8
                                                                                                                                                                      SHA1:F61D256EA3E3DD85CE7C44DC61AACC93E720F692
                                                                                                                                                                      SHA-256:59DC54DD624E26D07EE8A908476EE67DCC3B6BA690F566C30B5522B6DCB8EE85
                                                                                                                                                                      SHA-512:C06E046EDB18EE40D63411AA689280A73EBBEF3CE6977C51F629C43E6A6314895BCF2270E43CB1D9DD847B33874BC812778ACCEC07ED0FBFB9791556027FFCAD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):170856
                                                                                                                                                                      Entropy (8bit):6.55483314591404
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:4JJiNkByXIzFu3wK672soO82qUyleRR2v6eY8lMnu+wqH6F3:477yIzFfKTsS2qUKeXC5lRR
                                                                                                                                                                      MD5:7EE49A57339ABCC35FCDE25D3F5EE8D9
                                                                                                                                                                      SHA1:7A7F471DADD973CA57C79C43D93828B4496570E8
                                                                                                                                                                      SHA-256:DC477A4B41CA92D94CB7092B458F35DEF2EF6F9A0B23A237A363E341E22AEABB
                                                                                                                                                                      SHA-512:F978F6C882D80CFD87B2EF75EBB1C18C9BFB6759D28C0F503395217373AE241E5B08212D4D42373F6B94AFFBF775959E06BD1CAD5D09C488DC139906A0D4AB4B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):111336
                                                                                                                                                                      Entropy (8bit):6.7222941004358425
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:PTxwTSQCdxm/78XLv6JYZeD9GIn+uowP0T:PCzCeeeYAD9E5T
                                                                                                                                                                      MD5:8719E73BC84D506FE7F0D367AE46ED20
                                                                                                                                                                      SHA1:D60A1FF7B2478ACDA7C5C1730E0B963594311FB9
                                                                                                                                                                      SHA-256:C110E1FF4F233669F1E035129E137ACED1A3632D17A8302502D160DC16FA9AF0
                                                                                                                                                                      SHA-512:AE00044E9EE7B5AF66105067877AFD68D79ECEB6C945CC07F390D15A2E1C0832C578146E6B0657FD8A29F865EC6DB78DEFEB7C1BA7E3AF0D1427EFD22A67F8B8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):691760
                                                                                                                                                                      Entropy (8bit):6.65005121490335
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:z9dSp9WkHCGswmfwHaG3qNeNCGWmQ47/KkRjDMfZVt1UE3HZyr9oUTB2O:Ra7HCXwmfwHRI+HWmQ4HRjDIZVt1UE3a
                                                                                                                                                                      MD5:938C33C54819D6CE8D731B68D9C37E38
                                                                                                                                                                      SHA1:5DEBC5AECEA887D17E342E3651006E1DB351034F
                                                                                                                                                                      SHA-256:E705895392ACD9768F413E35545C6581B3BAC8C05DCE97BC9AF6A37BE7CB7DE3
                                                                                                                                                                      SHA-512:16DEAF3B8C9A29B73D6530474F2A0BF5AC756D44A04D2468464FB78C9048CA9F1E1EBBCC91ADFC74963B7083B0381A47F76C70BADDEB44026C969125EA1C929A
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe, Author: Joe Security
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2713088
                                                                                                                                                                      Entropy (8bit):7.9358560764847
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:gCE0mvBnEwvJm7T8UyHNzeBBHKZlYU13/1wUqq7vf2h0Vw:gCZmvBEqUyHcclt/mUCOa
                                                                                                                                                                      MD5:C625FE50C8CBC877CBFAF1D5212F02C0
                                                                                                                                                                      SHA1:90763CBEB446C7638F80851E55AF9976285DC56C
                                                                                                                                                                      SHA-256:F8890DFA4609D9CB2CA685339468C5256356066CF91AB13C9A771A3B8A566D12
                                                                                                                                                                      SHA-512:898703B75D27A9EE5055965BE16D7DEFA482A4199D6C008E539A0102230743AD4540945B76E78804F4CFA99D3DE79B9584D91F6C74C3FF2E6B8F4CC09E7F472C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):58368
                                                                                                                                                                      Entropy (8bit):6.398722888372975
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:qjw1c0DJ1xDL8lCXy60KlCXy60vcbvM1id4xSu:T1HPxD2Cj00Cj0C00WxS
                                                                                                                                                                      MD5:56867EECC2042A0FD681F3B90D365A16
                                                                                                                                                                      SHA1:021DAC119F8E115E6DF308DB85BC8760078D9719
                                                                                                                                                                      SHA-256:48F8313380BC6FA33172888B8FD9874A6ED5465213BACB9F8D5C2BB3AB37BAEE
                                                                                                                                                                      SHA-512:EBB40D1E1A7F6B9E9480E544A67C9383D53A708547ACBA787BFD7C5699E491EAD7FAF714C5D84407B3D9A1DD2051205E0A299EAEECEB44422E3874C5E55CC65A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):107120
                                                                                                                                                                      Entropy (8bit):6.416041804489009
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ABHJ2sevEPtUiDHPsG78SkqRsEKk2UaWD+Ug1phiaeBvNdiizK3xg+rd3XjxxyhS:eHAR6tHDp/acgrItvNdiizK3xg+FXOS
                                                                                                                                                                      MD5:773D6EC38151B301FB8E45B4043E2E9F
                                                                                                                                                                      SHA1:475A42DD7FF0417D6826187F37AA3B5FFA65AE50
                                                                                                                                                                      SHA-256:E15E52A68BA167C0E6683EAFA3102079BBD0262EF5BF1005FE5A3B492374F66A
                                                                                                                                                                      SHA-512:FFDEEA69581B7C25CF5DC83A9803E94AB83D6C19254F5DE474240DAD3B630386D8D401B7A5EA25F97B1BF068D95266D53AD6324362E7CF94B1F326DAA9B5A1EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):99952
                                                                                                                                                                      Entropy (8bit):6.458473763443854
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ZAUmWga/j5/IEHE2BzIfjwpDvdxeR1Ay01A4F1519hTnZmjjxy:jm+JrHElE9SRuy0hFX19hTZmM
                                                                                                                                                                      MD5:D902AF6BDCB8F3D47CC7A26B7F5AF840
                                                                                                                                                                      SHA1:B42E2C429F60551CAFDD92F5024DA7EDEC1270EB
                                                                                                                                                                      SHA-256:ADD79DE18ECBDEEC06D9765B2308FDBEAB3F788382A07D6235B614CA58BDA2B8
                                                                                                                                                                      SHA-512:1D55DC22AD3317622C3AE502B4B329B25DA6EB03D5FE8D2F4F7319110A196CDF08BD5E5DBB6322D6FC12B3C4472C629F9F64523FB23928E0433F96D0C8098911
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):51312
                                                                                                                                                                      Entropy (8bit):6.588801090147588
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:gmaAkOI8/UgAXuuMnw415frUK5yPPTnDG3318RU7yw2MvZDGjENAMxaJ:gmPNN7wU5frbcba318aJjjxaJ
                                                                                                                                                                      MD5:BF125A12E9CE8568AADD6A9EE11C696D
                                                                                                                                                                      SHA1:4B8CF25506F5729D485171DECAA152B32EF2AFBF
                                                                                                                                                                      SHA-256:72C9E45E029115541AEBA55243BED56CCB5E594E50CE26DEFDE76D35B5B892C4
                                                                                                                                                                      SHA-512:B2FDCE478034312D7C7911F83E5A56DA505F9D5FF351CA74A8718B4256BB91DCBF341A268349DC992C7232A9B012BD986224BD650F7141261F8D38E9DCC43318
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):92272
                                                                                                                                                                      Entropy (8bit):6.543211290485113
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:5MUmmeVWAcHeFzyWQ+lh5W0pkw01pPafkNA0tDq3NnqFBjxxP:5MUsVF6eFvPPWBw01ofkNA0E3NnsBj
                                                                                                                                                                      MD5:23E97B1438152A4328FA97552F8B9AA1
                                                                                                                                                                      SHA1:F95D191EB1E6DDBCA5B20FAC2D0746FEBB0B2C12
                                                                                                                                                                      SHA-256:17CBD8771713566BEB469B300D34782986EF325582DCB575C4FB35C1FB397A9E
                                                                                                                                                                      SHA-512:FA497B5F806D851717C920755E245E65CDBF5CEFCE0975DA33A43C88005474F87D006FFEFE111A199ABF4FC68CA640CD18709FEDFC376FC64E6D6CC272D816A7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1063616
                                                                                                                                                                      Entropy (8bit):6.674869382282474
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:2ODivXdRxWmQOhfbV5l7kZLWfGPeu/PUw6WmARlXDMmH6PBzT/Cn+m4q:2OuvbfGZGGKJT/Cn+Fq
                                                                                                                                                                      MD5:4FF45827EC92E40935F9939142CD40DC
                                                                                                                                                                      SHA1:CAD74928F3387E6BF28C3625803706061E956B34
                                                                                                                                                                      SHA-256:012ED8D16E9F7586FE44C0AFFE5BEA6FF68F27231A6526D439643869A103E434
                                                                                                                                                                      SHA-512:A3DFE7976E5FFB4BA0C68E218C0924568D343E7937ABB50785107DE5E0ADC11AD58A86E02FABB455845FBE8E545E48B57A67EB647C664390ED521D255FF3BEFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32256
                                                                                                                                                                      Entropy (8bit):7.484270190239562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:tUqX/E3rJA4ZX6xUrLGwk9xAlvcuHnYoq7MNC3Il:tUc/+vKGnax8ESY17WkI
                                                                                                                                                                      MD5:63F6D9FECB240388D69CB668CFE50C00
                                                                                                                                                                      SHA1:2B67BB8AA45A9D0383E76F15E631C1131B28BB1E
                                                                                                                                                                      SHA-256:678D6ED15F6150BFD5BA8E823CF877C32BB492E8557E107FAC77143DAD3724F1
                                                                                                                                                                      SHA-512:176B096493206D2DADB17D778E959855DEEF0EC8D5343C09790CA6C067A338ECE44138FA9081888CAA2228A041D2A8C71B085AD8FEFAFE479505F667F6D2B7E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):388808
                                                                                                                                                                      Entropy (8bit):6.5956896905460125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:B9su6Bohl2JJmgk1G8M0uQoRkQsKwxBF6CaSIU9ILZxxB5ARUWvAX+E:BSohl2JJmgk1U3QMkQsTx3paSIUixGRI
                                                                                                                                                                      MD5:B8253F0DD523BC1E2480F11A9702411D
                                                                                                                                                                      SHA1:61A4C65EB5D4176B00A1FF73621521C1E60D28EA
                                                                                                                                                                      SHA-256:01CEE5C4A2E80CB3FDAD50E2009F51CA18C787BF486CE31321899CCCEDC72E0C
                                                                                                                                                                      SHA-512:4C578003E31F08E403F4290970BC900D9F42CAA57C5B4C0ACA035D92EDC9921BF4034FC216C9860DA69054B05F98DADE5F6E218AC4BEE991BC37A3EF572FE9A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 6 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):104864
                                                                                                                                                                      Entropy (8bit):3.9053747079480448
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:0ePYp7777777777FaTLcbLLLLEW/+Z+Z+I1m5aaaaaaaaaMsJju5wU4XcG8jUEPE:n7sAacGgUEc
                                                                                                                                                                      MD5:6CCA9307DEAF7B167C92BBE3D2AC59CA
                                                                                                                                                                      SHA1:FE2A51B84BD203BA0AEA43D50D664B1632F3B0B0
                                                                                                                                                                      SHA-256:771E0C7FF0514650DF7C62E237A8D8DDFA2D156A8B18473AE647E6684A483178
                                                                                                                                                                      SHA-512:C1E4639BCFF0C18713116973524E7527BEE31307C33AF2048F617CE0460580A2FEE88FF6E347F87C799AC990F4BCCB97A2FCEBCB82AD4A926EE95F211A033368
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1165576
                                                                                                                                                                      Entropy (8bit):6.491752155251347
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:ptf4OLWmQQ3b6ZVtecP3Ufy/ilDqzybXIZ0xKHpWq0dGcz7msH0WQWmAdA7yJBzA:tLDlDgRGxKHpSJ28TU
                                                                                                                                                                      MD5:D75E14313FC8A0850F3190CE67509475
                                                                                                                                                                      SHA1:74474830BC0706E5C0A8B455A4E1B47D9F1DE741
                                                                                                                                                                      SHA-256:E5C711BDB99AB55EBD96B3636C7396566C98ACFFD03DF735A15F1E18936A718A
                                                                                                                                                                      SHA-512:A4260F1A9A77BC41FC54532BDBF51F831004767E08150BFF95374663930BBE4FCA81790AA4578C062674557A02A698EA798CFC00F2355F6B8FA71BF2915CBAAA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):333824
                                                                                                                                                                      Entropy (8bit):6.389952178495305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:WyEhWbJNOcWd55OHSCw1ohITXVvrJGqdK2Dug6dGXLSuMAFi2TBfR:Wlu1IjOIohILJrc4Ezui2TdR
                                                                                                                                                                      MD5:EC9483F4B8C3910B09CAAB0F6CB7CD1B
                                                                                                                                                                      SHA1:9931AAA8E626DF273EE42F98E2FC91C2078FDC07
                                                                                                                                                                      SHA-256:4D9CAE6E2E52270150542084AF949D7B68300E378868165FF601378A38F7048F
                                                                                                                                                                      SHA-512:84B60FE3CD0EDE19933B37AE0EAEBA1F87174A21BC8086857E57C8729CEC88F9FEF4B50A2B870F55C858DD43B070FD22FFEC5CB6F4FD5B950D6451B05EB65565
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):608080
                                                                                                                                                                      Entropy (8bit):6.297676823354886
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/
                                                                                                                                                                      MD5:D029339C0F59CF662094EDDF8C42B2B5
                                                                                                                                                                      SHA1:A0B6DE44255CE7BFADE9A5B559DD04F2972BFDC8
                                                                                                                                                                      SHA-256:934D882EFD3C0F3F1EFBC238EF87708F3879F5BB456D30AF62F3368D58B6AA4C
                                                                                                                                                                      SHA-512:021D9AF52E68CB7A3B0042D9ED6C9418552EE16DF966F9CCEDD458567C47D70471CB8851A69D3982D64571369664FAEEAE3BE90E2E88A909005B9CDB73679C82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):661456
                                                                                                                                                                      Entropy (8bit):6.2479591860670896
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:akhiz9iVQi6mpiyMATITfluR3G1YdpTzYJQIbRdJN2EKZm+DWodEEt2L:WaQeIJN2EKZm+DWodEEt2L
                                                                                                                                                                      MD5:7CAA1B97A3311EB5A695E3C9028616E7
                                                                                                                                                                      SHA1:2A94C1CECFB957195FCBBF1C59827A12025B5615
                                                                                                                                                                      SHA-256:27F394AE01D12F851F1DEE3632DEE3C5AFA1D267F7A96321D35FD43105B035AD
                                                                                                                                                                      SHA-512:8818AF4D4B1DE913AAE5CB7168DCEC575EABC863852315E090245E887EF9036C81AABAF9DFF6DEE98D4CE3B6E5E5FC7819ECCF717A1D0A62DC0DF6F85B6FEEB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):660128
                                                                                                                                                                      Entropy (8bit):6.339650318935599
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:t2TOv4Zur4nRc4RwlG4xH2F+O+/i2UA3YyB2hxKM5Qrt+e2EKZm+GWodEEwIP:qRhxKM5U2EKZm+GWodEEw4
                                                                                                                                                                      MD5:0A097D81514751B500690CE3FC3223FA
                                                                                                                                                                      SHA1:7983F0E18D2C54416599E6C192D6D2B151A2175C
                                                                                                                                                                      SHA-256:E299B35D1E3B87930A4F9A9EF90526534E8796B0DEF177FB2A849C27F42F1DF2
                                                                                                                                                                      SHA-512:74639F4C2954B5959EB2254544BF2E06AB097219FC8588A4F154D1A369B0657176128C17911958C84ED55421FE89BF98C8ED36D803A07A28A7D4598DB88027CE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):449280
                                                                                                                                                                      Entropy (8bit):6.670243582402913
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
                                                                                                                                                                      MD5:1FB93933FD087215A3C7B0800E6BB703
                                                                                                                                                                      SHA1:A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
                                                                                                                                                                      SHA-256:2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
                                                                                                                                                                      SHA-512:79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):31528
                                                                                                                                                                      Entropy (8bit):6.472533190412445
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:R77JqjlI8icUYWhN5tWcS5gWZoMUekWi9pBj0HRN7RA5aWixHRN7osDhzlGs6N+E:R5D8icUlX5YYMLAWRAlypmPB
                                                                                                                                                                      MD5:7EE2B93A97485E6222C393BFA653926B
                                                                                                                                                                      SHA1:F4779CBFF235D21C386DA7276021F136CA233320
                                                                                                                                                                      SHA-256:BD57D8EEF0BC3A757C5CE5F486A547C79E12482AC8E694C47A6AB794AA745F1F
                                                                                                                                                                      SHA-512:4A4A3F56674B54683C88BD696AB5D02750E9A61F3089274FAA25E16A858805958E8BE1C391A257E73D889B1EEA30C173D0296509221D68A492A488D725C2B101
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):193832
                                                                                                                                                                      Entropy (8bit):6.592581384064209
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:V7vC/HAiCsJCzwneNPXU7tm1hTt8KBDal8zg/0LwhORfewlMi0JHV:VTGAtweN85m1f8KBI9wfpsJH
                                                                                                                                                                      MD5:937D6FF2B308A4594852B1FB3786E37F
                                                                                                                                                                      SHA1:5B1236B846E22DA39C7F312499731179D9EE6130
                                                                                                                                                                      SHA-256:261FBD00784BB828939B9B09C1931249A5C778FCEAD5B78C4B254D26CF2C201F
                                                                                                                                                                      SHA-512:9691509872FDB42A3C02566C10550A856D36EB0569763F309C9C4592CAF573FBB3F0B6DC9F24B32A872E2E4291E06256EAE5F2A0DEB554F9241403FD19246CAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):773968
                                                                                                                                                                      Entropy (8bit):6.901559811406837
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                      MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                      SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                      SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                      SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):849360
                                                                                                                                                                      Entropy (8bit):6.542151190128927
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:I+9BbHqWVFlB7s2ncm9NBrqWJgS0wzsYmyy6OQ:z9d7M3nS0wV
                                                                                                                                                                      MD5:7C3B449F661D99A9B1033A14033D2987
                                                                                                                                                                      SHA1:6C8C572E736BC53D1B5A608D3D9F697B1BB261DA
                                                                                                                                                                      SHA-256:AE996EDB9B050677C4F82D56092EFDC75F0ADDC97A14E2C46753E2DB3F6BD732
                                                                                                                                                                      SHA-512:A58783F50176E97284861860628CC930A613168BE70411FABAFBE6970DCCCB8698A6D033CFC94EDF415093E51F3D6A4B1EE0F38CC81254BDCCB7EDFA2E4DB4F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):963744
                                                                                                                                                                      Entropy (8bit):6.63341775080164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:lQ39+j16xw/86yY4ZOVqSs8cKPkb3vi4vwW1kCySQmWymTXY:S3tPDLfRbiow9Cyo
                                                                                                                                                                      MD5:E2CA271748E872D1A4FD5AC5D8C998B1
                                                                                                                                                                      SHA1:5020B343F28349DA8C3EA48FB96C0FBAB757BD5C
                                                                                                                                                                      SHA-256:0D00BF1756A95679715E93DC82B1B31994773D029FBBD4E0E85136EF082B86A9
                                                                                                                                                                      SHA-512:85D6BCAAF86F400000CF991DA1B8E45E79823628DC11B41D7631AA8EE93E500E7DA6E843EA04EDB44D047519DABEF96DCB641ADC2A7B3FAA5CD01E8A20B1F18E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):57456
                                                                                                                                                                      Entropy (8bit):6.555119730119836
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:h4WOg3TER/nhU8Vbbb8O0WWVYgaatjJxl:h4WOg3TSr78O0WWVYg5tJ
                                                                                                                                                                      MD5:00FCB6C9E8BD767DDE68973B831388E9
                                                                                                                                                                      SHA1:2D35E76C390B8E2E5CA8225B3E441F5AC0300A02
                                                                                                                                                                      SHA-256:1CC765B67D071060C71B4774C7745575775CE46E675E08620E5BAB3B21B2CE79
                                                                                                                                                                      SHA-512:2B48701B5F4B8F1EB7FC3EB9A76370883FE6CAF45D92DA607AB164F93E0EED65D6C1369D4EA974A112C902FD0F5BAF06E7611ECB9B50BE3A599F261624B33BA5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):101872
                                                                                                                                                                      Entropy (8bit):6.5661918084228725
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:RCKWZGuEK0mOLSTxoPl9GIcuZrxi4hXX9oix8H+NCIecbGShwZul:RFWY1WxgGStJ8H2CIecbG36
                                                                                                                                                                      MD5:971DBBE854FC6AB78C095607DFAD7B5C
                                                                                                                                                                      SHA1:1731FB947CD85F9017A95FDA1DC5E3B0F6B42CA2
                                                                                                                                                                      SHA-256:5E197A086B6A7711BAA09AFE4EA7C68F0E777B2FF33F1DF25A21F375B7D9693A
                                                                                                                                                                      SHA-512:B966AAB9C0D9459FADA3E5E96998292D6874A7078924EA2C171F0A1A50B0784C24CC408D00852BEC48D6A01E67E41D017684631176D3E90151EC692161F1814D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44312
                                                                                                                                                                      Entropy (8bit):6.623047237297825
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:vG3xRsJTKdiibUoT2zvivbXXyJWqWZ8DZX:vG7DyM22DiJMCtX
                                                                                                                                                                      MD5:9040ED0FDF4CE7558CBFFB73D4C17761
                                                                                                                                                                      SHA1:669C8380959984CC62B05535C18836F815308362
                                                                                                                                                                      SHA-256:6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774
                                                                                                                                                                      SHA-512:303143006C781260540E9D0D3739ACC33F2D54F884358C7485599DD22B87CCE9B81F68D6AD80F0F5BB1798CE54A79677152C1D3600E443E192AECD442EA0A2E4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):28024
                                                                                                                                                                      Entropy (8bit):3.654385616324733
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:BFvjF9WYdsCXJbXqzqcihX+qrgD+aKOd2VtFGynjIFUYC9x5rxM9PjAl6eIEYj/s:j5W2llQobHoU74xuJBGqc0If+lB
                                                                                                                                                                      MD5:56ED532099434370FDB616E2C0E17462
                                                                                                                                                                      SHA1:11FDFB4890723035F83809F5EE32AD8105D971DF
                                                                                                                                                                      SHA-256:0AA158839F11182C42C79FBD3FA65E0C4C08874A35FF3F9CE1B40AB86D943551
                                                                                                                                                                      SHA-512:20A37B68C05804EB1F9B2DD8CC9BE3C681FC89599B65B453804A52AF48D7F4140B5FDBC46AB957FAC606D16ECA274BA6BF28BABA8FAA495F94ABD3358E61464C
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.6. . .2.0.:.3.:.2.4.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.8. . .2.0.:.4.:.2.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.9. . .2.0.:.4.:.5.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.1.1. . .2.0.:.5.:.5.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.1.2. . .2.0.:.6.:.2.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.1.3. . .2.0.:.6.:.5.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.1.4. . .2.0.:.7.:.2.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.1.6. . .2.0.:.8.:.2.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.n.a.g.e.r.....[..e..:.].2.0.2.5.-.1.-.1.7. . .2.0.:.8.:.5.3.....[..Q.[:.].....[..h..:.].P.r.o.g.r.a.m. .M.a.
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {FF04FCEE-D135-4246-945D-4A9D97099E64}, Number of Words: 0, Subject: Windows, Author: GbLXGXDAPUOD, Name of Creating Application: Windows, Template: ;2052, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3592192
                                                                                                                                                                      Entropy (8bit):6.5363078562423516
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:vfplGFAvHZXm1+akq2+cZfsZlA0OO62wOR4UkrfH1OrEMBZX26PH2ca7G/uaJEi2:pkFALq3pOwkP2uayisdSHis
                                                                                                                                                                      MD5:ED11B37D4C599EBFCB24123B6F35648D
                                                                                                                                                                      SHA1:01517B47E325ACFFFB38532D7E0CB152D0667952
                                                                                                                                                                      SHA-256:F68D10ADAB342777B36CE77B064952C1D0E5309B070D1D51DED7AAE092AA5432
                                                                                                                                                                      SHA-512:67280F74E10C05166735EEE0B1CB2A44A3083E7E5E3800B410C43349A22DBBCD99BDBE9E9E477FEA5EBA97E80B4D35DF473E88881728466EC3F79A43C2F83221
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):400480
                                                                                                                                                                      Entropy (8bit):6.6249170967240625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:ke/EYk6LSMAROeK3nzAPSayAj7+fyJHbVJMs/ubUQ3Q/p:MQ7DAvhpGs/8UQ3QB
                                                                                                                                                                      MD5:CC4F1CDFA6A90B6152B8012E8C035DFD
                                                                                                                                                                      SHA1:011098BADE1BD47557147B8CF3BAF4A070CB9D7C
                                                                                                                                                                      SHA-256:7B9FF465FA54E5EDF69F0794D7CAF7ADC6D7B20534E6DA0181DC93DC062E7CCA
                                                                                                                                                                      SHA-512:0084BADEBBAC672904BD7E19019C2D86B4745DEA26229CE82E48E0A5134DF3FA42B4948C673B17432BFE14F13A82B0BAFF3B5D861AA4AB3A951AF40793780CE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):427104
                                                                                                                                                                      Entropy (8bit):6.602064716561835
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:d54WjgpIW+m/CbqwcAjoZOtjEipBiRuL9JK:avGPJbtjEY2uL7K
                                                                                                                                                                      MD5:50B836C0E21FD4EF3F6F6102F9162FEA
                                                                                                                                                                      SHA1:704834D4BE32AD186FD761E908CC0518AC2A8117
                                                                                                                                                                      SHA-256:8CFC18609E75074EB0FBF3C87C1B41E263DE503083A7EBBB00643E0F05A2920E
                                                                                                                                                                      SHA-512:B2C220F954A38B7EBC44FA60454CD8322A21714F1E3D593F32B7C4865113157965E1C8C0821F60F1865270FCB2529EBF8CDD32F1DE44A7626C0D0DB304C72644
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):572512
                                                                                                                                                                      Entropy (8bit):6.263529853370218
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Azb0JSwmBU/no1rNW23dImf/D/cnlu41T3ork5d:AH0JSwmko1rNW23df/D/cnlhp3d5d
                                                                                                                                                                      MD5:984829AFB3ED76FABCAB8AE4BE1FF15C
                                                                                                                                                                      SHA1:2498F20AB62E3061FB144C7CEAE5CF254D6C7095
                                                                                                                                                                      SHA-256:F257E86E42D7546C37AEABDC7BF1D00BC09E7B26D9AF4478302FF2B872187C33
                                                                                                                                                                      SHA-512:5270AE482E8C462B5360DD60C06D8757BE5F7E513A0A7BF993F3F088A67516AAA0A744CDBD034828D3AAF5E6EADAF630317ACF325B03E028398C7EAC12A97B04
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):572312
                                                                                                                                                                      Entropy (8bit):6.6114481461607175
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:KmuYzDRB54CwW2U0lY4woeFuA0TpxVQ8Y3Ew+zBsPO3erF7q0zoCiJbDjdxzF5og:Ju+469PqNYsBsPTziDjLbCEGne9Z
                                                                                                                                                                      MD5:5CC95EA39AB6D7751A1A85F832CCA011
                                                                                                                                                                      SHA1:387B60FE4F257BA8A0F5DA566709640F972EAA3B
                                                                                                                                                                      SHA-256:4BF5DD0ED84D6C7B4965628A22668F733C167427B20A4B56AE356205381B527F
                                                                                                                                                                      SHA-512:6E28E6D3D1A6BF4FB046A7F03F68FE27F8A7151465412EA4126AD3DD2A9DC9C89238923E858C644892D72D318CF2112C4AE60DAE363CC5EC41DEF1663BFDD101
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: Mimikatz_Gen_Strings, Description: Detects Mimikatz by using some special strings, Source: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll, Author: Florian Roth
                                                                                                                                                                      • Rule: Mimikatz_Strings, Description: Detects Mimikatz strings, Source: C:\Program Files (x86)\WindowsInstallerFB\7AF5081\HackPatch.dll, Author: Florian Roth
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):249768
                                                                                                                                                                      Entropy (8bit):6.601810977306283
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:/0jvJ1SDHfvcFHDSU4/eebh4HT4dK62HPWA2F0T7z/LDdUjE2rRNq5N5EuXCRfC:/0jTSrMtceebhz32HPWnoBUw2/G5r
                                                                                                                                                                      MD5:2EA3ACA1D36D16F0699261F77EE6ECCE
                                                                                                                                                                      SHA1:31C6575F5EC4F48ED3939FD5484F4E3D5869D3DA
                                                                                                                                                                      SHA-256:12B2AAA9C7222B13E97A0870006CFC498134F7182009C49FAD0281A85D5CD386
                                                                                                                                                                      SHA-512:30057B3491807413603C5A4668D020A384548CE6F41BA9DE6C708C4BF052BE10113AE5AAF41697ACC2AB56E9674EE8DC4669584FA9F838A9359842038F82394E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):555240
                                                                                                                                                                      Entropy (8bit):6.523642703236138
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:RzJibra10t6DBAAxFhNngOsLOsZDvnCjN8d6HVilI5hKRPnQ0FbgB4e:CbzipngOsLOsZL38IKb4PQ0Fbje
                                                                                                                                                                      MD5:4B481EA28EC7B065AD6C7FE7674AA363
                                                                                                                                                                      SHA1:152FC3DA4A1DF717623E4D57476A1D72ADD7F610
                                                                                                                                                                      SHA-256:92AA7045E70E2BBB706DCD1A1D9B41026CFA06FEDF0E48EE0CAE63B8B80084F5
                                                                                                                                                                      SHA-512:08F8388322D3623F8DBC23DB60E0542B972754FEAB4071C0FC7382F9EBD54313A8A10E5EBAC9D72E5F4909B23A2FCB4114B44BCF47F3090B029DDEA27CFF21B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):180800
                                                                                                                                                                      Entropy (8bit):6.720835675786583
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:zQPGqss58Kg5dqBLQ8/90/qTQPOfb7+sH1buHv/c6R2Wmjgk4Kq2iSiTHa89B:zQPB4jqBLQ86qsPOf+8RuHXc6tmv4KqZ
                                                                                                                                                                      MD5:91D9E316BD0533C92BDE234131EC7AB4
                                                                                                                                                                      SHA1:86D1997382E3FE81AC27B88EFE33E1773D095518
                                                                                                                                                                      SHA-256:62BAAD0A128B580889091F015384410BD491F21BB101682557B034ACB28E00D9
                                                                                                                                                                      SHA-512:BDD41A900EB1299815CA24FD78EE5499F20C78C5E62CAF11934A5348836C557AB402DF1D75B4932AA6E322562C8CDEBB120FC74137ED9D693AE6719C44C5718F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):219200
                                                                                                                                                                      Entropy (8bit):6.255426513524174
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:n7pWDP71+xRSkTt9XFD6RAtofSUAfohtDanx51K6flyT9S9:1WDP71+xR7h9XFBtofStomfK69e9S9
                                                                                                                                                                      MD5:C64D91E0734622D550F578CAC023FE9B
                                                                                                                                                                      SHA1:9B5F47305F02ED862BE6A8E6F6D48647F9311E84
                                                                                                                                                                      SHA-256:9AA97B67D074D85CAFB29A0A561DFAA2416A283FC8A228B6904D63D16C8C463B
                                                                                                                                                                      SHA-512:FD419DE7FBC7C0B9F33CD340E2DEF67849DF628799FC0507DFEB6F77DD8681232B81216D082155278EC7D158E99FB480EEAC884A8962F410321F91A89D500CBD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175728
                                                                                                                                                                      Entropy (8bit):6.544553321577818
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:ix5UgqxBe84iqhlPyKc4pquYWWM1qOrlhPzc8ylmyK5WodzzDi:i4pgbzTYWRZHrc9lNQzq
                                                                                                                                                                      MD5:B8FDC03B9B84A62C5C541524DCA2E723
                                                                                                                                                                      SHA1:5643ADAE63CA199F9C44A35F3B30947A0F8B6D21
                                                                                                                                                                      SHA-256:1F6F3DADCC4C3096EEBFB5CE5DB979755ABA5CEB9DB18E6CA6238F05B45E5F4D
                                                                                                                                                                      SHA-512:A31708C251967D484F242BE658E92E94D87671294CD2C959276EC3B739D46F3FC7D1140CC8F78640DBD9970EC2176633E67DD079A3182ACDCE0FA8A7DE366637
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):313952
                                                                                                                                                                      Entropy (8bit):4.32348576044483
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:7cxIVD6kUS+hV/EENZH3JzJPlZ4k5O0f+BC9vCfFL:ooehV/pJzJPHM
                                                                                                                                                                      MD5:A88A6FFF171F7FECF8668DA1EFC843DF
                                                                                                                                                                      SHA1:E4C8B375BBECF5790B2B0444B049CCE11659D598
                                                                                                                                                                      SHA-256:34CCCEC093F5711D1202F54BFE8756E093E4F84099EC7D609AB9658C3C941921
                                                                                                                                                                      SHA-512:808F6E217F5E157663E66B46429636C4D811ACA7C5672EDD1B003377BB4A039265B4FB905B4ADE39D81B3E64E7793BE8278454155E8BD2EE92FB5B6F919563EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):362400
                                                                                                                                                                      Entropy (8bit):4.208790369342181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:ZGlYJdSi2t2SwbVGMuyic94uxJmXs/wIb8n9ssWy5cdJEnpOwD7A51B8BLRPrB:0lYXSi2ttqWc/PYOy5cQnpOS51
                                                                                                                                                                      MD5:3D01B2B5288974E922B6417FD3B02373
                                                                                                                                                                      SHA1:5649D3E7E15D1BF707CD7C28FE9931E5620EE9ED
                                                                                                                                                                      SHA-256:B438EF547753F91577730FFE9321563E7DD4ABBCBF056ADEE3C49906FC1EABD4
                                                                                                                                                                      SHA-512:F0C0EEBA22F33A4C596FF1272D681E7A349AB60112FD0AF5C75E07F065F35525C332270DE0ECC171D0B4BF53C3BC79C4E40BAD0EF1A0418A2D5DE882765D2FEC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):647184
                                                                                                                                                                      Entropy (8bit):6.591959886632138
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:I/8iKgqct1l8h5H/30CrYXUjniBZoStkf0EOl/mvxxXiINkYF69+:NbhV0gMYnigStkMEMSxXrmYF69+
                                                                                                                                                                      MD5:960B05116F13AE8E8B17A6BA2919BF2D
                                                                                                                                                                      SHA1:D1A58D1F65272198D0A6657B06FAE6D27F1E156C
                                                                                                                                                                      SHA-256:00354506D4F1DD6A1FDF9450CA4A8E799A5A420A1A47BA3E41D7B30D8D02440A
                                                                                                                                                                      SHA-512:7A05E3178ABB8F92AA3A61F8A3156C87BD46F03F12D8EFC6CC1FEEE36B2508816E761BF6A3385BBDA2DD16EA3AB9CB4A5B899C3D844257811F0B3D9C4464713B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):921160
                                                                                                                                                                      Entropy (8bit):6.7626587126151065
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:nJtdTUbI0Ig/fMiK6hRN/IgOoWtT9nQnap:nJjUbIU/fPHhrIgBWtTFQnap
                                                                                                                                                                      MD5:5123C3B8ADEB6192D5A6B9DC50C867B1
                                                                                                                                                                      SHA1:6D142074A21AA50C240CE57CA19A61E104BBDF41
                                                                                                                                                                      SHA-256:273CE954C8D33ABAAC3A0FD8546719F09718C1D91317ECF5B99181DFFA3FE26A
                                                                                                                                                                      SHA-512:067305A8F09C480FE4A4C8609638C9A490C4EBE2782BD13C10B380DF14F76D4748EB785F44E7BCB86514718F99D07C3C6A4B43928A294B18020CB0FA589EE2A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):451480
                                                                                                                                                                      Entropy (8bit):6.641728581015286
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:c2qfhIic6ZYk/UxdGhZi1MVv2MIbvweYsoOzpgseJUnv9it:c2qfGhz/qgodsoRenv9it
                                                                                                                                                                      MD5:2C63554380D33E2AB153CB285E72C2F8
                                                                                                                                                                      SHA1:1EDE14CA4003AE639AA80E2F4E90558DD1A49A7A
                                                                                                                                                                      SHA-256:F77F9AFB3459F2D2C8FB0354317A0353ACBBF6D31988597775ADCD9AB0D80BA1
                                                                                                                                                                      SHA-512:96F951089D907F635AF5A517AAF53FD13064ECA471DC4440B8C67147A91F11043043F102814C2E6DE8933F81F30D6AFFFCC073BF98670A8D52A5518AD89646B7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):337736
                                                                                                                                                                      Entropy (8bit):6.495942481063909
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:g1wCwn8QI2fm53Nx4Lj23TIae3m7jwyhb/7hjW7iBH+ljFx5mcvbKr:gmnckm5dy63TRe3XyhbNjWep+ljFx5R
                                                                                                                                                                      MD5:22C3095414CE54C8405225E3BCAAE591
                                                                                                                                                                      SHA1:9F0515A564B5077F49AACE011E84AF51F9973F32
                                                                                                                                                                      SHA-256:B734DB11E973318D728FE92E112639AE5B8876C855E6507315C707D04D3E0746
                                                                                                                                                                      SHA-512:2BE22658A038F8061B398489C357EFBA0F920FA24655A53650593D4924EE565E445D3A7CFD2C9689BC3A79E8355157004640E49B0249FCA63B3EBE11726D42A8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):499432
                                                                                                                                                                      Entropy (8bit):6.633998530829339
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:2gz1k3fKRVIpJcADwPkUeKvd8C/RxC4MwYXlHUCMJ/TBJnt8KZ0Se+4xichK4:tMfKRGJc1tnPC4MwYXVl4/Trt8K61s2
                                                                                                                                                                      MD5:049791828DE05D24D29EC9C8687F8B1A
                                                                                                                                                                      SHA1:2B6D787EB078DFAE0C6718A9D99D06CEB01FB273
                                                                                                                                                                      SHA-256:D418DDA34640521B8695642C7A7E719F173F706472617CFF4ED343FB68211862
                                                                                                                                                                      SHA-512:7E36019A163F55932F95D33FACB216B69244DC8D5506CFD1D2E707A736AF448D7A4F78ABEAF85CF0F42E4E18B7EB1D330A9788F73773E6BE23A61C6B2981136F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):343784
                                                                                                                                                                      Entropy (8bit):6.490658338748216
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:rFp+cWO/EibdFr0Zv7U7bAb1qi8JU0Wexe/1Yd02Y+VZRg43r:rFMcWO/Eib3r8jU7Q1qi860WexexEGe
                                                                                                                                                                      MD5:6E5F6B4D49768E131EF614DD07E5EFA5
                                                                                                                                                                      SHA1:DBA90982727A9373C8D97E72500D89814184C7B6
                                                                                                                                                                      SHA-256:EE326C156144EB89DE76C21C66BDA10BD22922B1A9C85615CACEE84DF355604C
                                                                                                                                                                      SHA-512:12FF45D6F469B577E74A62B866DAE2A879751654A6627250286E3CC4F319411FE901155347DA762010F373BBEB46F2BD95E0428893242EE4707BEFA7312CF92D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):533600
                                                                                                                                                                      Entropy (8bit):6.567835943059589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):247016
                                                                                                                                                                      Entropy (8bit):6.914297747665078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):290024
                                                                                                                                                                      Entropy (8bit):6.537709606383622
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):160584
                                                                                                                                                                      Entropy (8bit):6.648758970829866
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):549488
                                                                                                                                                                      Entropy (8bit):6.736896619735914
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS-DOS executable PE32+ executable (DLL) (native) x86-64, for MS Windows, MZ for MS-DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):42976
                                                                                                                                                                      Entropy (8bit):6.2171815555231875
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):253456
                                                                                                                                                                      Entropy (8bit):6.554744612110189
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):662920
                                                                                                                                                                      Entropy (8bit):6.526894314465185
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):177
                                                                                                                                                                      Entropy (8bit):5.199674938155793
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:FCxn9go7vcgtHqYcn307C3bKptbwNjGbttcSz3j9BfMkwetdQQqi5xQn:FCgYxtckm3byJwNittR9wgCQPxQn
                                                                                                                                                                      MD5:79D59988C12F0214DCA8BE424A94A91A
                                                                                                                                                                      SHA1:9C88792C8B94767093346F590CDC9C103AF6B4C2
                                                                                                                                                                      SHA-256:D3C151941A923BFBC7E686AECB5648461E8FA1516F93602B7AFF48F2318040D3
                                                                                                                                                                      SHA-512:A4D2F2E6407DE534D26911D540CCE8CF198D29A464CA9ABEB6451A9FA745C47307DF71A9C772E2D60663C4D5B0EABB9713DE794BF923B6153A0AAD3F76893FAD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[XLY]..P2=TLGCBXAGVFLQ.KBI..P5=JHKQFETWJKTIHLLBOKO..P4=TMGJRLDUDWLQ.FCU..P7=PXOEWCVFPIJPLHQSQSX..P3=SUGIPFIMNRQE.TMA..P6=MNHWOTMLOHTPVRFXPCH..P0=DAN127..P1=e8a0d5af432b7e64DBD..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):849224
                                                                                                                                                                      Entropy (8bit):6.7893930691706075
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:V/Fiea85oMvk6SqMNH/U6beovEYNVXWTwROJTQ9wC1N4Lx09GpVuQ:VAF85oAk6lMNfU6beXwROJTQSC4l0KuQ
                                                                                                                                                                      MD5:AA4E9E8A1B0B7C4126451814701A449F
                                                                                                                                                                      SHA1:7D988C453283C345E17422FC4B2B6CCFD8200245
                                                                                                                                                                      SHA-256:6CA0ABCD77232A5CBADE520596CAB305012ED72315C09CB5A30C3C1E96367F98
                                                                                                                                                                      SHA-512:0738DFDE9EC2B1E23B88FDA344CFBA443705A3AD87F22629676118DF555BD395D1737066EFCC4257B8138A0D282491CBD30F36D1880CA640E7D463855C0AD63C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4838513
                                                                                                                                                                      Entropy (8bit):7.999961065475255
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:98304:PgbEEFSvDacXxd7ApaC/FgEQC0kqIZ27XUGCmTdpdHFHr8V:PgXjcXxxApJyEQDbIZ27XUhmBTHQ
                                                                                                                                                                      MD5:EEF97F5CF47A715367D8F933BDDCDF61
                                                                                                                                                                      SHA1:3F1119620BB8DF7963C59C1ECD7EAA485CFC72FE
                                                                                                                                                                      SHA-256:E2F5E8EB95FAC989DAE56CEF4C737F53F5E1747EE372BE9EBDCE544153A4E373
                                                                                                                                                                      SHA-512:AD50B7B6C48A2DF4167B6794C569861F0F20FE8BDB00D1B0A19B9DA22C4E9A18CC0B3F7EDE976FA9D06D29E549288A28976C788FBD6798A7B8B65835912BE40B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):11899681
                                                                                                                                                                      Entropy (8bit):7.999984125155647
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:196608:A8PLUvOmYVTAsqbS0A9hZZZoTeKJpKkfBEzkos6+ZgVcB+K6tObk87MDuPAEbqkR:JY2xRAXA9bQnfBEOB+mHkIMzEb9nxrpB
                                                                                                                                                                      MD5:E62839794DC4F960FE030473508B9947
                                                                                                                                                                      SHA1:08FF9926F663196AA48E3BE3D32E82A69567C76F
                                                                                                                                                                      SHA-256:5EF198566190D4E09ECF227E07061937D70C743B8C56BA1A94BCFEBD1CD86908
                                                                                                                                                                      SHA-512:29F9C7A5979AEE600573AA2DC1C3E9DB7CCB1A0D73E84ABDDEACCA151A664B1B692A9DF432B3CDF7DB7857BF43F47121769CBB44F7A2D981F86B34A270718E97
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):204
                                                                                                                                                                      Entropy (8bit):6.465184095835458
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:HOIqt/N0Xfe3uK+tCSqszI1cqLq7ShUictiYAj7w1H+C/KkCVQw8H32buSljT6Lg:ulIXG3SzI1NlUi2I7wNl/CKw57vOEL
                                                                                                                                                                      MD5:67ED0A69C67F49788D8BD2EE4FC4324E
                                                                                                                                                                      SHA1:A96C13719FAEA1240F4C3BBA1781885CDC9F3EA9
                                                                                                                                                                      SHA-256:193902E9A4501C2D29F21AEA391D438EEA68B628DE4DB05A95D3F8DB318218BC
                                                                                                                                                                      SHA-512:CC9D799962F58CEA8F39788F1F82845CA6F96D43DD75C113B9EE77B7852B98F3A68799948E1172074A1CF30F9A45D526C61EA1FFA7B799D82C80C8DE1034E6A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):719
                                                                                                                                                                      Entropy (8bit):7.594213020193219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:+fVs8d7Z0cAY4pls/2+o8zE9yQwLhESu+mG/2LtLO9y7X3kiv/KVoA0MM:GsmgY4plE218HLGSiVLcu36ozMM
                                                                                                                                                                      MD5:3F18FAA73084F2BFAFBA4ADCC071715A
                                                                                                                                                                      SHA1:CB3D7999DC729071FFAFC99D7FE7985973785AFF
                                                                                                                                                                      SHA-256:C8367EA78CE0BC182F4B1399EC1A530E7D058951D953D63AB4B649D8EF629654
                                                                                                                                                                      SHA-512:B4C69DC843FB8218878C4C6FB3CA4B9C41CD8A6E78EE985094B5ABCDF93B777650056D773531A44F02B4FEF2B621E82C38F5D7B4F9FBA182C6F400DE7D89A83F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):710888
                                                                                                                                                                      Entropy (8bit):6.630506217753264
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:5n9CCUQ0bGwLt1n/iswKJLUY2XOrEO/6awL7wU0s6OzeoXHhS6ckqIbpieFGrh1l:7+tLt1aNYrfBB6BAqZkyQgJ0VL
                                                                                                                                                                      MD5:C4A08B391245561157AEFD0FE7C40A11
                                                                                                                                                                      SHA1:28D15D43A1BDEBC83701AFD89E6EA9C24F90DB33
                                                                                                                                                                      SHA-256:53D7C8F2FD109E85FC9302B7424875BAD22A148D6EDC6C7FD8E4589E97259BFA
                                                                                                                                                                      SHA-512:24C7608346B76694BF9D8227FF6A794B26D73C0DA93FD231A2331CD371ACC86F293FB9093850F5513DFBE1D269114A56F47DCADBA11BD98C691AB38472A6CCC6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54272
                                                                                                                                                                      Entropy (8bit):5.9384613835931574
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:84fiYqzFjnHIF7NeXNW/bZKn8ei7DAks8EA8sZeuFZjjDQWLFb:1fi9ToRNedW/bj7DiJA8sZeu3EWLFb
                                                                                                                                                                      MD5:59B142B38CFB0CE17D78B9D675E39496
                                                                                                                                                                      SHA1:0038255330C145BA84B9BEB847B992D885B7360C
                                                                                                                                                                      SHA-256:07F115D147FA617BCB46CDE33C50E95B6792B8309E6D9B81F8124979FCEC3E59
                                                                                                                                                                      SHA-512:3B65B4292EB7CFB657648A16784B0B01E2771D618C083761340158293AB1D56547A81A4EA0E6163CDF9614C97D80F88993958AB37BEB8C28A6B710A09B70864E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1390312
                                                                                                                                                                      Entropy (8bit):6.599443687044707
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:znhMjKSFXpFEzq7zZvjyswjzYnOAjPSy36c9RCvirRMNJbd3g:jhMt/nVo2O56tibxg
                                                                                                                                                                      MD5:C77EE913C46510A705A9DDDD91DE8302
                                                                                                                                                                      SHA1:CB5E045FA27186B9F23E4919590387478B9343D5
                                                                                                                                                                      SHA-256:092689651DB7B81A6816B1F78F8CF81476945D493E9566762F5791ADFC5BDA31
                                                                                                                                                                      SHA-512:A6C080D04C92EFBF8A1A4A1D1423837B1282E4CFC0E77D9DA4BC9F78E235AA6CD8AE3468B588FD9D35BA656A7A1B27AAE805662EB6C84B053D0149855F4A6514
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175328
                                                                                                                                                                      Entropy (8bit):6.879935553739908
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:jnrQnzMYywmn3h1sp7/WvCnIukR4BbxKigu/fgl1glfdjgBftJeCEEzx4N7mcr5:XQnzXtr7tbxKVuE1gQJeCEMx4p
                                                                                                                                                                      MD5:BE4ED0D3AA0B2573927A046620106B13
                                                                                                                                                                      SHA1:0B81544CD5E66A36D90A033F60A0ECE1CD3506A8
                                                                                                                                                                      SHA-256:79BF3258E03FD1ACB395DC184FBE5496DFA4B3D6A3F9F4598C5DF13422CC600D
                                                                                                                                                                      SHA-512:BD4E0447C47EEA3D457B4C0E8264C1A315EE796CF29E721E9E6B7AB396802E3CCC633488F8BEEB8D2CF42A300367F76DEDDA74174C0B687FB8A328D197132753
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):618728
                                                                                                                                                                      Entropy (8bit):6.588792056328895
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:B+jJIpPUHR7IS++ZbaL/mH6yf0fvmuZqhI8XlF7YfkLfm7WUjxioncm:U++4LVs0QpFaIm7WKgoB
                                                                                                                                                                      MD5:6E8F89DA86BB82538932DB314C2208F8
                                                                                                                                                                      SHA1:A86C373D7BC49032F0EB7D0BB01DA74BA67B4F43
                                                                                                                                                                      SHA-256:ABA5E0FFC2D21CB5045D13CE66F8D80862600E37431D20E999295CB07DC5EF3D
                                                                                                                                                                      SHA-512:7EAA25D7AC722EF7687357356AC9635B80158918BDA03C3A7E49387BEACD8CD2A9A2ACFD8B5D13571453A7279772FA726A75C9DA0FD7EC6D5BAF202FB928F00C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):147176
                                                                                                                                                                      Entropy (8bit):6.792908985087195
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:oAhT/95cw+pUD+U7s3H9xMaZ7DdJMq5mZZEGP0V:RBADU7s3H9xnBhJyZZETV
                                                                                                                                                                      MD5:2EEFCD3D407E4DA935E5B60EF257E153
                                                                                                                                                                      SHA1:34F56846E9F48F9775DD8250897345B7736DE213
                                                                                                                                                                      SHA-256:837B3DE5BF545BAB85599F0B6D36D8DFE4B3595AE94254CF7C968D1D7DA86F35
                                                                                                                                                                      SHA-512:EA05765A18CDA52A7398E04947C8DD6828BE06B07261C612BB8E550656FF5F9EBBD37F85C07007980044D2036171227EEA978B0D0592D6D584A5DEFE53BF8968
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):174824
                                                                                                                                                                      Entropy (8bit):6.422260069407969
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:vjNq/3Jyz4vHAYH7EKJ3eAlNd09cd7g9EEnQHBdp5FFmvBh7P0I:vjN6yKNBJ3eAdNEEEQHB/F4BhII
                                                                                                                                                                      MD5:ED2ACECC811ABF288316C709E2F2D943
                                                                                                                                                                      SHA1:0CCE7CC3687CAAF59E6DEA1A90D1214782B5742E
                                                                                                                                                                      SHA-256:C3E9F2023A28A2115D15D8DA451B8105771C4D4746F494CCF83FB28623CF724C
                                                                                                                                                                      SHA-512:9DD510EABDB4D59B82A7492DFE6A6D11C47721DD0B7F0F22C8060063A94E36FE93A28EC19815AA68F89B1B807AAE584B304AB15D183493295B7E13E65527BEE0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):559000
                                                                                                                                                                      Entropy (8bit):6.789431209891293
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:OrswC3DEddri7Dj1XHmyZQNCAGTFgRJz/9i:gsP3Dwdri7DjlHECAGC//9i
                                                                                                                                                                      MD5:EE6AA967C56CC0D0820C95D4FD89FB30
                                                                                                                                                                      SHA1:D1C5161FB8CCA7FEDFFC1056FAB8D79309EEC01D
                                                                                                                                                                      SHA-256:C7CC69762AE72840D200C14E652A460807F487059F7D0780E245AB36AF445B9B
                                                                                                                                                                      SHA-512:8502D5E4BB48FE3ABCA897F293199815CE7DBB67E4983BF9A9631A4F92602289FBF08D42DC547B96E1C8338C77108019B952DAA5D682465C7C5567CCBAECEEAA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49480
                                                                                                                                                                      Entropy (8bit):6.739956450503979
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:C2a0KRlGHkg3oqHo3eaB6e7NXQxZzYf3yvZ6/WitUDvb1PRF8oaH:n/HF3xb8KEvyE/cDj15FI
                                                                                                                                                                      MD5:E2D837E2B4DDA87A82553631E7D5627A
                                                                                                                                                                      SHA1:9F1A5A95B4F0AEA6F9061140F0E22EDA819A78BF
                                                                                                                                                                      SHA-256:A5118527EE28C3C263F3FCC3346F8BCA83284E21C8149082F8D1AAA68B39EBC6
                                                                                                                                                                      SHA-512:3FDBB618C9F49FE5C7EA81398401C5AD19EE8A215B9A3D29FC03071935E566B80560A775CEF3F1502F8447B2A2528285C8D4586C576A3E311241A06177E14C52
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):383720
                                                                                                                                                                      Entropy (8bit):6.579374990134974
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:oG1pYD09uIwtl0F1LrheKG/HYStQGz1DAOoQGEnb5bj1hFu:X7g09uRlYeKG/DHegbjs
                                                                                                                                                                      MD5:3CE009AFF2FE459A8248693AC8DAB788
                                                                                                                                                                      SHA1:607444A7B8AB2E17C525BBE0B28878C3BD0F8099
                                                                                                                                                                      SHA-256:11856EE1D754D31AF95F1047CE6B68CA2395C703A995525FA5D9E4A2678D0B86
                                                                                                                                                                      SHA-512:1AB4ECB89B07F09985B57F0D546FE6063D8ACEDE435F74075EF9A37288F7D9D19DF168AAEDB38093D88BA2E515CBDABB23F87163AC8FCF9A706448B0F4FC2774
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):406248
                                                                                                                                                                      Entropy (8bit):6.190903413261375
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:OazgQG4JdLe2p+teZ3q9y/3clyMEcLeowam/xohKKJJT2pgJ1JhfQeUnZdnkewZ:HgVGemGeNlYbR2am/xolx0nZZjm
                                                                                                                                                                      MD5:E5E4828980E5C836163382F9642D4D24
                                                                                                                                                                      SHA1:E8BFB72EB75D20DEEA9152089B7092E07F2EF2F3
                                                                                                                                                                      SHA-256:639EA37856839C2D5446A82441D7AB94204EE1172487EB88E9AC1CEB6261D554
                                                                                                                                                                      SHA-512:6F621EC441CA46CC48A48056F8E278FF746ECABDAB1933C0FEE18574EE366BD9721487D6462746B6874A5B2CD4D8FC327B5089F351CE8086E10061791034794B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):887648
                                                                                                                                                                      Entropy (8bit):6.72536750906441
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:rMl3YXVguMMrGA+64Z/fOl7FPZ1ZGf4a9nCFECq3N:Q0LMe4ZHOFPXZGfNCFEzd
                                                                                                                                                                      MD5:CFB50C3C7D74F518CA9E2828E702145E
                                                                                                                                                                      SHA1:E38FD98574C08BCC6415E62EA7C9A380958A3D1C
                                                                                                                                                                      SHA-256:1C8FF953478CC71166A36181ED32AE7C48B267B011240DB2C701E35D391A66EE
                                                                                                                                                                      SHA-512:BD08332BDB78614F1CDFD2E4939B1B9400476D99B50996C17C0277ED76DB5972FAC5EC77DCD4C56459DAA11C6126DC12D66A4E59122DC9B8D89FF6DF89B83240
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1001320
                                                                                                                                                                      Entropy (8bit):6.375963793592453
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:DaG9UYtX8J3EfBCMwM9E4jRcoI237MSW7/HTdPSYPJBhnHRxd/c:Dx9UdYRwM9EWI23wSWHdPTJB5dE
                                                                                                                                                                      MD5:074CFA8CC35DC642A2B95CC96CE5357C
                                                                                                                                                                      SHA1:CEE218C914D530BE6C9BB9531E78F2137224D5A8
                                                                                                                                                                      SHA-256:4DE592C87C443780B5D475414196B3C5406ACEC8809EA65AF45A50E7E43462A5
                                                                                                                                                                      SHA-512:EF776EB824F4C3152A380B3EC2858A11A96E48711C213AF905FE2B0A972F9CB4A7D83B4B96848DB0B478AF4D19623CB8AC0E5F8FC47007B39E0F16FC2E5FC851
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):247528
                                                                                                                                                                      Entropy (8bit):6.604794755347589
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:2Y77YOcw6BdKQYuVXsZy54tgQCkW30W9ezJQ4mRan5kiINyyT7PK0AMZcan5aj9b:n7YiJEIy54gFogRa0Nl/N1Sjl5yxAl
                                                                                                                                                                      MD5:9B05B1F0E62DD100D385807262B84A90
                                                                                                                                                                      SHA1:631449787D7532A855CB061E333C0712AC20E753
                                                                                                                                                                      SHA-256:6BC0133A16C7F058E5C0B6027929DB1145D37717118DBCF24013FA4F2D79E848
                                                                                                                                                                      SHA-512:9F43A542B38D998038D20467BB797CF789A36666F4B8154A548FD6E7BA24A20256C9A0BAB64CD43CB12BEBF704A524FE35F9652FA399237A3F0AFB3BF8670676
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):705768
                                                                                                                                                                      Entropy (8bit):6.685295160437571
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:S/20NCvMDhBsqLeIQA2BcMNcYB1mF5Q3LNOsbwbekwCYgLECHqa7XWpbt9o9TehK:e2KC6hBs6f2Bcm65sO8wACHqaTQJe9Tn
                                                                                                                                                                      MD5:8B632FD2D4EA70470AF97CD5E88F74D7
                                                                                                                                                                      SHA1:9E384D37EB586E9B187F4FFF89C2F104A7921F44
                                                                                                                                                                      SHA-256:AFCBB8BCE2E5C8C5E9AA851941E626A62573E6054EC75C14066AD37726BB9DB6
                                                                                                                                                                      SHA-512:5F7EA2BF6599AA9E0C44C2820F89DF0827EEBD8A037C9DF2AF516D9865BBEEAF31CAC89AF7214A59BD4B25F2BF7EB94E257AA2766F1D12892E1C34E78776F5E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):202472
                                                                                                                                                                      Entropy (8bit):6.660474984647205
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:jLH6l5IoUzqiNVwzQyaT0NQgepguwz+uQJOAg0FubAIrnXrsFCAsKIP0a:SluoK7QiToQdeAOpLAFCtKha
                                                                                                                                                                      MD5:0EA1C58DEDF685A4A1EEB1C7BD1C972D
                                                                                                                                                                      SHA1:66CA439A737A35FC936D2C8F990AD3538D9F2CDC
                                                                                                                                                                      SHA-256:41780A7339545676A2D587CD5BCEA9181E6FAAF3EC73C5006D7D76B47B98A6F2
                                                                                                                                                                      SHA-512:D16B0A12EE38399C4B05F38E0CCCAFA6BD4984C353AF845337F3E5E8D64AAF3D9B1561E423C5CA59D2652EB083E92FB8832168989B34F11465AD581A39739BA7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):247528
                                                                                                                                                                      Entropy (8bit):6.255611405833788
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:MzlHNKfmGZoRwaQDy4ikigoh7Chpq8eFiybV:6tp9QD7ihgohCQFh
                                                                                                                                                                      MD5:9380B590C9BE993F3F253469D0933765
                                                                                                                                                                      SHA1:0DF57C8EA3D19DCEE142F03D0D6FF4DA7EE5BCCA
                                                                                                                                                                      SHA-256:CB8BE7A72561A379B122AB70CAE681840009CE71C9C50B819B2B9E8CCC7A5B73
                                                                                                                                                                      SHA-512:2277F388E10D8D579203F7546C30DD314C4BA0AEAC0CFBDBB7F393FBFE54F7ED60FBEDB31E524275112D9E1BDB9F5CB24AC02259ABBC096A81E8CE2D32B87F6A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):705504
                                                                                                                                                                      Entropy (8bit):6.635093248285898
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:GngcmdomAFsBeQsv5REGqRXkgVP73MfsPF9vyt2nSyv9K:fLAFKsv5ROkgVAfsPTyEnD9K
                                                                                                                                                                      MD5:C40E8A502AF91ACA96B85AB36CBE818B
                                                                                                                                                                      SHA1:004141E75604502E2EA30C5760008368C36850D8
                                                                                                                                                                      SHA-256:A10966CC2785845DC296D90EF9C97ABA865BD06DF1A8A7006A7EE53EBD2152FB
                                                                                                                                                                      SHA-512:219630292A8CF70311F06DC1F3A99BA948E7E7BBAB937B0F5B928121838B79FE851B70650BFFD07A4F36A22E2A7B34DE4461D8F4C97FC1322026CA2C5C2E31EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):966376
                                                                                                                                                                      Entropy (8bit):6.564045153487216
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:3lzYxkj819KdVtUSPczJfKbM1aIjvI7BxwwuDFkrwtFkUHUZ0sIPbtYUkXAJfTSH:1zge8XKdVtUSPczJfKbM1aIjvI7BxwwH
                                                                                                                                                                      MD5:A9FF3D29AF8CCA5D3C90F17709EB0548
                                                                                                                                                                      SHA1:7F4B69366BA3BBB7BF08206FEA672C807CC2B562
                                                                                                                                                                      SHA-256:45E8B5F32CDE9201278500DF961133AD26AD60C531FCFD77D3D26FEFF105FFD0
                                                                                                                                                                      SHA-512:F043D1599D57B1E86D97CA1E81CF81FF0B3C97B95F1134ABF6DEEAC615F37645A825363315F5FB2139286BB5AEF5FA26C375E829AEC897C27CEA30199310123C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):871144
                                                                                                                                                                      Entropy (8bit):6.407442398411684
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:hgjR9MABH2uK50bPcjV/3WU020ZQA8NM/rmn:ghB1W3WUVeC
                                                                                                                                                                      MD5:9A88DC21D3AC42ECA184F37297387BDF
                                                                                                                                                                      SHA1:2F82552EF8F4B6A10356441CD158F1A0C5905913
                                                                                                                                                                      SHA-256:466DF96D59B878EC6775ECC4D497B71CCD73CB11FBB2C2B23575EFE055BFFB75
                                                                                                                                                                      SHA-512:1136D371771A71D329910ED9BDBF8243F74AD19FCE75F9A8712BC1E1E53EA3EF3722D4E067AB5567366D40D2637AF7E119E7E31734DDB57BCEE126CFE932C37B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):927976
                                                                                                                                                                      Entropy (8bit):5.917840435230856
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):575720
                                                                                                                                                                      Entropy (8bit):6.4118078561661545
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):682216
                                                                                                                                                                      Entropy (8bit):6.095070464124169
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):628184
                                                                                                                                                                      Entropy (8bit):6.631864802737484
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):117064
                                                                                                                                                                      Entropy (8bit):6.436398487030181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):171592
                                                                                                                                                                      Entropy (8bit):6.633100643329799
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):243944
                                                                                                                                                                      Entropy (8bit):6.56760832272308
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):404296
                                                                                                                                                                      Entropy (8bit):6.509440609680588
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (DLL) (native) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60896
                                                                                                                                                                      Entropy (8bit):6.847633229504993
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ!..... ..........e..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ntvbldDXML..$............!.L.!........h.T.....................q.......q.......q.......q.......q.......q.......q......Rich............PE..L......a...........!.........\......2=.............p................................s`....@.........................p...........(.......h...............H?..........................................0+..@............................................text...v........................... ..`.data....F..........................@....rsrc...h...............
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 171848
Entropy (8bit): 6.451554967739461
Encrypted: false
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 304640
Entropy (8bit): 6.443933218835315
Encrypted: false
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 138056
Entropy (8bit): 6.637936005523512
Encrypted: false
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 170856
Entropy (8bit): 6.55483314591404
Encrypted: false
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 111336
Entropy (8bit): 6.7222941004358425
Encrypted: false
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 220616
Entropy (8bit): 6.541764938067898
Encrypted: false
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: data
Category: dropped
Size (bytes): 42772742
Entropy (8bit): 0.0
Encrypted: false
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category: dropped
Size (bytes): 71954
Entropy (8bit): 7.996617769952133
Encrypted: true
Malicious: false
Process: C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
File Type: data
Category: dropped
Size (bytes): 328
Entropy (8bit): 3.1440865988908953
Encrypted: false
                                                                                                                                                                      SSDEEP:6:kKXL9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:/iDnLNkPlE99SNxAhUe/3
                                                                                                                                                                      MD5:8E032218511C7E017F47429DB15D10C7
                                                                                                                                                                      SHA1:E8B201631773DAB33F07A3165FD5F64B5F292FF3
                                                                                                                                                                      SHA-256:467D93AC2F01E40BF70BA96DDB5DA8304F11EE945378E3BC9B2BE94615818AA9
                                                                                                                                                                      SHA-512:1BAB52E5B5DCA903B7A3FECF3D03C8A86E54A457229C34B8049563446C79C3E72B5C26CE4971B1AFEFB4D7ADFA54FC7EF400DCDCA8A7F6FFBB5D5086BCD945E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:p...... .........`...Y..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):27
                                                                                                                                                                      Entropy (8bit):4.088220835496803
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:1EyEeBn:1BEYn
                                                                                                                                                                      MD5:4AE8A010782B10391BA0AF6F4DC3B667
                                                                                                                                                                      SHA1:48999DD7C62D642974049463C4418457572177D5
                                                                                                                                                                      SHA-256:C0B2445FCAA83FA4F12DCCEB286EAEB5D278E06DC27E549F49E1547B36A046D5
                                                                                                                                                                      SHA-512:96C1551461FDAFFDF8B9F37198FB2BC1CD18B0B27494E94705DD6A2AA1F4EA17C5014E0F2C54E6B436D796BED334FD6AD637D374804ED1815488D4801FC183E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[General]..Active = false..
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13629
                                                                                                                                                                      Entropy (8bit):5.405928495232936
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:wc+aRPE8ZFt99vdn9SdCyLbOxP75OkV3SDRht4UZpvgttFqJzwY+slMPbRF:x+aRPE8ZFt99vdn98CyLbOxP788SD3tM
                                                                                                                                                                      MD5:B3FF5FEAF19888AF43A0F24F8B0E8BB9
                                                                                                                                                                      SHA1:B177D04A1F36C5111AFE2EBC60175599251705C2
                                                                                                                                                                      SHA-256:B236942EF200CB2FBE74684DAD91C7DAF07C2CE7E9205CA7B74FBB0A42BFB0B6
                                                                                                                                                                      SHA-512:753B24C8577ECFD24B9C5B86776EE4D2884DB714A8D67D2BABB3F55FF5E84FFD735BC8885B25570017D275226FA913262886827528C5996D4594727EA76320BF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[Hit {AB0884C2-7FA4-4AB2-A1FF-96C8D825E787}]..Queue Time = 0..Hit Type = lifecycle..Life control = start..Protocol Version = 3..Application ID = 6627be3e20a59ade4c1add8b..Application Version = 1.1.6..Client ID = C084191C5C3DF65BAF11A4370051FDEB0BDC5010..Session ID = {F0B4B82B-A7D3-478F-96E2-0DDFB7126821}....[Hit {6387921B-5471-4A27-9736-BB36D9A2BFA9}]..Queue Time = 0..Hit Type = property..Label = VersionNT..Value = 1000..Protocol Version = 3..Application ID = 6627be3e20a59ade4c1add8b..Application Version = 1.1.6..Client ID = C084191C5C3DF65BAF11A4370051FDEB0BDC5010..Session ID = {F0B4B82B-A7D3-478F-96E2-0DDFB7126821}....[Hit {4A8A2F0A-A8E2-4BA8-AE8C-15160C67AD11}]..Queue Time = 0..Hit Type = property..Label = VersionNT64..Value = 1000..Protocol Version = 3..Application ID = 6627be3e20a59ade4c1add8b..Application Version = 1.1.6..Client ID = C084191C5C3DF65BAF11A4370051FDEB0BDC5010..Session ID = {F0B4B82B-A7D3-478F-96E2-0DDFB7126821}....[Hit {6C2B1EE9-74BD-488B-B236-8AC7B4B94F30}]..Queue
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):667648
                                                                                                                                                                      Entropy (8bit):6.655676024268379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:G36HjCm6ltuRXQ/g+hVfW2LDzeLA5rJWutAWQSHOALXB:VCm6ltuRXKg+hVfWkDEA5tDuyX
                                                                                                                                                                      MD5:BA4ED2E6B25A8C9EDA3DA4CE85A5054D
                                                                                                                                                                      SHA1:C3B2EF12347E0C5206B4C3959FA96CD7F064F10C
                                                                                                                                                                      SHA-256:31370AB9ECAFEA8528D0C844C34B7721042C93A8E45278C4452B62ABAADE9182
                                                                                                                                                                      SHA-512:87C10EA2B82D79BD96CA453D808D937841A45CEE331E5914E5B9A7D6665BB41864D90E08E47F4000C1EEBC64F1E4035B010F545B2068B3604A7B8C87F1D30DBB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):174304
                                                                                                                                                                      Entropy (8bit):6.858552596804119
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:Q0HJ5wo1/MJjozYJimE2BamDKigu/fgl1glfdjgBftJeCE5vLEnM7QrRz:/J5wUmhkmDKVuE1gQJeCERLG1F
                                                                                                                                                                      MD5:0D318144BD23BA1A72CC06FE19CB3F0C
                                                                                                                                                                      SHA1:91A270D8E872EA2A185309CA9CE5D9F08047809E
                                                                                                                                                                      SHA-256:60503684F39425C5505805A282EB010ECB8148BBF7EFE9BBA9CF33C507AF7F3A
                                                                                                                                                                      SHA-512:A3F3C7D84644B13868AC324947C2D678620E341E368B781D45F244A53F448D6B24BE7B50AC9908728DFBBB74214FCB46902137910E907F14F601518C0EFD215B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):157184
                                                                                                                                                                      Entropy (8bit):6.4699325010744015
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:tJpAAXru5+rs45R7H0fABoTRo3hJjfP8mr:tJpAAXru4Fj6soT2LM0
                                                                                                                                                                      MD5:C50F56319C92BC129039E3860294AB5D
                                                                                                                                                                      SHA1:470ED2516A0FF86F25C7CEBE3084E238CA8879A7
                                                                                                                                                                      SHA-256:56E8A343602DDDC6D7B6A787827801A3D2BA69ABAF1C61874EF9286C2D288C6B
                                                                                                                                                                      SHA-512:20451481425424167EDF4D8C1562EBD7619D5FA0D4BB46C1C30840C9E63C617F94B281C294E3FBEDD290A76C543E4A1C3518B8E66D919743B9CC1F966D8E0CE0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):58368
                                                                                                                                                                      Entropy (8bit):6.398722888372975
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:qjw1c0DJ1xDL8lCXy60KlCXy60vcbvM1id4xSu:T1HPxD2Cj00Cj0C00WxS
                                                                                                                                                                      MD5:56867EECC2042A0FD681F3B90D365A16
                                                                                                                                                                      SHA1:021DAC119F8E115E6DF308DB85BC8760078D9719
                                                                                                                                                                      SHA-256:48F8313380BC6FA33172888B8FD9874A6ED5465213BACB9F8D5C2BB3AB37BAEE
                                                                                                                                                                      SHA-512:EBB40D1E1A7F6B9E9480E544A67C9383D53A708547ACBA787BFD7C5699E491EAD7FAF714C5D84407B3D9A1DD2051205E0A299EAEECEB44422E3874C5E55CC65A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32256
                                                                                                                                                                      Entropy (8bit):7.484270190239562
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:tUqX/E3rJA4ZX6xUrLGwk9xAlvcuHnYoq7MNC3Il:tUc/+vKGnax8ESY17WkI
                                                                                                                                                                      MD5:63F6D9FECB240388D69CB668CFE50C00
                                                                                                                                                                      SHA1:2B67BB8AA45A9D0383E76F15E631C1131B28BB1E
                                                                                                                                                                      SHA-256:678D6ED15F6150BFD5BA8E823CF877C32BB492E8557E107FAC77143DAD3724F1
                                                                                                                                                                      SHA-512:176B096493206D2DADB17D778E959855DEEF0EC8D5343C09790CA6C067A338ECE44138FA9081888CAA2228A041D2A8C71B085AD8FEFAFE479505F667F6D2B7E6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):177
                                                                                                                                                                      Entropy (8bit):5.199674938155793
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:FCxn9go7vcgtHqYcn307C3bKptbwNjGbttcSz3j9BfMkwetdQQqi5xQn:FCgYxtckm3byJwNittR9wgCQPxQn
                                                                                                                                                                      MD5:79D59988C12F0214DCA8BE424A94A91A
                                                                                                                                                                      SHA1:9C88792C8B94767093346F590CDC9C103AF6B4C2
                                                                                                                                                                      SHA-256:D3C151941A923BFBC7E686AECB5648461E8FA1516F93602B7AFF48F2318040D3
                                                                                                                                                                      SHA-512:A4D2F2E6407DE534D26911D540CCE8CF198D29A464CA9ABEB6451A9FA745C47307DF71A9C772E2D60663C4D5B0EABB9713DE794BF923B6153A0AAD3F76893FAD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[XLY]..P2=TLGCBXAGVFLQ.KBI..P5=JHKQFETWJKTIHLLBOKO..P4=TMGJRLDUDWLQ.FCU..P7=PXOEWCVFPIJPLHQSQSX..P3=SUGIPFIMNRQE.TMA..P6=MNHWOTMLOHTPVRFXPCH..P0=DAN127..P1=e8a0d5af432b7e64DBD..
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1390312
                                                                                                                                                                      Entropy (8bit):6.599443687044708
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:w4wwwwscgymwef8Z8Zzj6z1el68mUi1m/ONxdDDHNCU+3kvaBW7839l5Qafgb6L1:pwwwwscgymwefyEQ/U6/NnDDHNCTeaBf
                                                                                                                                                                      MD5:292575B19C7E7DB6F1DBC8E4D6FDFEDB
                                                                                                                                                                      SHA1:7DBCD6D0483ADB804ADE8B2D23748A3E69197A5B
                                                                                                                                                                      SHA-256:9036B502B65379D0FE2C3204D6954E2BB322427EDEEFAB85ECF8E98019CBC590
                                                                                                                                                                      SHA-512:D4AF90688D412BD497B8885E154EE428AF66119D62FAF73D90ADFFC3EEF086CF3A25B0380EC6FDC8A3D2F7C7048050EF57FCEA33229A615C5DCDA8B7022FA237
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t...0...0...0...9a.=...9c.I...9b.(...b......b.. ...b..&...9...1...9...7...0........4................1....o.1.....1...Rich0...........PE..L....x.c...........!.........~......x7...............................................~....@.........................P...|......P....p.................P,..........0...............................P...@............................................text............................... ..`.rdata..............................@..@.data...0........4..................@....rsrc.......p......................@..@.reloc...............B..............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2713088
                                                                                                                                                                      Entropy (8bit):7.9358560764847
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:gCE0mvBnEwvJm7T8UyHNzeBBHKZlYU13/1wUqq7vf2h0Vw:gCZmvBEqUyHcclt/mUCOa
                                                                                                                                                                      MD5:C625FE50C8CBC877CBFAF1D5212F02C0
                                                                                                                                                                      SHA1:90763CBEB446C7638F80851E55AF9976285DC56C
                                                                                                                                                                      SHA-256:F8890DFA4609D9CB2CA685339468C5256356066CF91AB13C9A771A3B8A566D12
                                                                                                                                                                      SHA-512:898703B75D27A9EE5055965BE16D7DEFA482A4199D6C008E539A0102230743AD4540945B76E78804F4CFA99D3DE79B9584D91F6C74C3FF2E6B8F4CC09E7F472C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...SLSSSOSSSPPSS.SSSSSSS.SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS[SSSA..AS.J...R..................................FFE.SSSSSSSB.....t5..t5..t5..x5..t59..5..t5y.~5..t5...5..t59..5..t5..u5..t5...5..t5..t5..t5...5..t5..p5..t5......t5SSSSSSSSSSSSSSSS..SS.RLSd..SSSSSSSSsSA.DRISS.SSCSSS3.S.E.SS#.SSC.SSSSCSCSSSMSSOSSSSSSSOSSSSSSSS..SSOSSSSSSMSSSSSCSSCSSSSCSSCSSSSSSCSSSC..S.SSSSC.SCMSSSSSSSSSSSSSSSSSSSSSSSSSS...SGSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS....SSSSS3.SSCSSSSSSSOSSSSSSSSSSSSSS.SSs....SSSSS.SS#.SS.SSOSSSSSSSSSSSSSS.SSs....SSSSSCSSSC.SSOSSS.SSSSSSSSSSSSS.SS.SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS....S....FJKH
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):333824
                                                                                                                                                                      Entropy (8bit):6.389952178495305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:WyEhWbJNOcWd55OHSCw1ohITXVvrJGqdK2Dug6dGXLSuMAFi2TBfR:Wlu1IjOIohILJrc4Ezui2TdR
                                                                                                                                                                      MD5:EC9483F4B8C3910B09CAAB0F6CB7CD1B
                                                                                                                                                                      SHA1:9931AAA8E626DF273EE42F98E2FC91C2078FDC07
                                                                                                                                                                      SHA-256:4D9CAE6E2E52270150542084AF949D7B68300E378868165FF601378A38F7048F
                                                                                                                                                                      SHA-512:84B60FE3CD0EDE19933B37AE0EAEBA1F87174A21BC8086857E57C8729CEC88F9FEF4B50A2B870F55C858DD43B070FD22FFEC5CB6F4FD5B950D6451B05EB65565
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z..S...........#................ .............$k................................. ........ .........................c.... .......`.......................p..|$...........................P......................."..h............................text...T...........................`.P`.data...t...........................@.`..rdata..L.... ......................@.`@.eh_fram............................@.0@.bss..................................`..edata..c...........................@.0@.idata....... ......................@.0..CRT....,....@......................@.0..tls.... ....P......................@.0..rsrc........`......................@.0..reloc..|$...p...&..................@.0B........................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1063616
                                                                                                                                                                      Entropy (8bit):6.674869382282474
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:2ODivXdRxWmQOhfbV5l7kZLWfGPeu/PUw6WmARlXDMmH6PBzT/Cn+m4q:2OuvbfGZGGKJT/Cn+Fq
                                                                                                                                                                      MD5:4FF45827EC92E40935F9939142CD40DC
                                                                                                                                                                      SHA1:CAD74928F3387E6BF28C3625803706061E956B34
                                                                                                                                                                      SHA-256:012ED8D16E9F7586FE44C0AFFE5BEA6FF68F27231A6526D439643869A103E434
                                                                                                                                                                      SHA-512:A3DFE7976E5FFB4BA0C68E218C0924568D343E7937ABB50785107DE5E0ADC11AD58A86E02FABB455845FBE8E545E48B57A67EB647C664390ED521D255FF3BEFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...~/._.....................j...................@................................. ...................................{........3.......................@...........................................................................................text...0z.......|.................. ..`.itext.............................. ..`.data...D...........................@....bss.....e...@.......0...................idata...3.......4...0..............@....edata..{............d..............@..@.reloc...............f..............@..B.rsrc................V..............@..@....................................@..@........................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):388808
                                                                                                                                                                      Entropy (8bit):6.5956896905460125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:B9su6Bohl2JJmgk1G8M0uQoRkQsKwxBF6CaSIU9ILZxxB5ARUWvAX+E:BSohl2JJmgk1U3QMkQsTx3paSIUixGRI
                                                                                                                                                                      MD5:B8253F0DD523BC1E2480F11A9702411D
                                                                                                                                                                      SHA1:61A4C65EB5D4176B00A1FF73621521C1E60D28EA
                                                                                                                                                                      SHA-256:01CEE5C4A2E80CB3FDAD50E2009F51CA18C787BF486CE31321899CCCEDC72E0C
                                                                                                                                                                      SHA-512:4C578003E31F08E403F4290970BC900D9F42CAA57C5B4C0ACA035D92EDC9921BF4034FC216C9860DA69054B05F98DADE5F6E218AC4BEE991BC37A3EF572FE9A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...8..^..........................................@..........................P..........................................c....p...........N...............<.......g..................................................Ts..P............................text...T........................... ..`.itext.............................. ..`.data....).......*..................@....bss....<X...............................idata.......p......................@....edata..c...........................@..@.reloc...g.......h..................@..B.rsrc....N.......N...d..............@..@.............P......................@..@........................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1165576
                                                                                                                                                                      Entropy (8bit):6.491752155251347
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:ptf4OLWmQQ3b6ZVtecP3Ufy/ilDqzybXIZ0xKHpWq0dGcz7msH0WQWmAdA7yJBzA:tLDlDgRGxKHpSJ28TU
                                                                                                                                                                      MD5:D75E14313FC8A0850F3190CE67509475
                                                                                                                                                                      SHA1:74474830BC0706E5C0A8B455A4E1B47D9F1DE741
                                                                                                                                                                      SHA-256:E5C711BDB99AB55EBD96B3636C7396566C98ACFFD03DF735A15F1E18936A718A
                                                                                                                                                                      SHA-512:A4260F1A9A77BC41FC54532BDBF51F831004767E08150BFF95374663930BBE4FCA81790AA4578C062674557A02A698EA798CFC00F2355F6B8FA71BF2915CBAAA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......`..........................................@..........................0.......4...............................`..e....@..v........^...............A...p...Y...................................................C...............................text...x........................... ..`.itext.............................. ..`.data....".......$..................@....bss.....Y...............................idata..v....@......................@....edata..e....`......................@..@.reloc...Y...p...Z..................@..B.rsrc....^.......^...*..............@..@.............0......................@..@........................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):318
                                                                                                                                                                      Entropy (8bit):2.034441580055181
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nZllBe+llBe+llBe+llBe+llBe+lll:k9ij1BjjjjjTtXGuwtOZBl
                                                                                                                                                                      MD5:C23CBF002D82192481B61ED7EC0890F4
                                                                                                                                                                      SHA1:DD373901C73760CA36907FF04691F5504FF00ABE
                                                                                                                                                                      SHA-256:4F92E804A11453382EBFF7FB0958879BAE88FE3366306911DEC9D811CD306EED
                                                                                                                                                                      SHA-512:5CC5AD0AE9F8808DEA013881E1661824BE94FB89736C3CB31221E85BE1F3A408D6E5951ACCD40EE34B3BAF76D8E9DD8820D61A26345C00CDDC0A884375EE1185
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):318
                                                                                                                                                                      Entropy (8bit):2.0369361465218003
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:PFErXllvlNl/AXll/lFl/Ft/HtAiotuZt/nreBB+eKemhlRhmeemfB+ll5evZ/Xy:k9ij1KBBhK9jwmfBuiKaq5n
                                                                                                                                                                      MD5:83730AC00391FB0F02F56FE2E4207A10
                                                                                                                                                                      SHA1:139FED8F0216132450E66BDA0FBBDC2A5BD333AF
                                                                                                                                                                      SHA-256:573E3260EED63604F24F6F10CE5294E25E22FDA9E5BFD9010134DE6E684BAB98
                                                                                                                                                                      SHA-512:E3DBE1956BB743FD68319517D1D993DDA316C12BBBBBBD6F582ECDD60C4FDE24CC4814C7AB36ED571F720349931EAC10B03E9C911BA0F4309B10604B2C56C6A9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39424
                                                                                                                                                                      Entropy (8bit):5.750662778266912
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:95235sQR6i6oI6rHjdbWqmQB5hw2l5HYsakk7BKfEDHIanumzKO732M/foo9d2:32mQV63qjh/pokkkfEDznzFhfoo72
                                                                                                                                                                      MD5:65786F45F119E213FCCF15B070944F96
                                                                                                                                                                      SHA1:F3F4CB3286E36E4908211CC940256F962DDD0836
                                                                                                                                                                      SHA-256:C3E569DD4A0A7E19BE1A8F523C16790BA87CB68755F5EB6295A834F40010FF3C
                                                                                                                                                                      SHA-512:8C52A1FA91D7F7111F94C83AA0719B365F16B9CE0465C038F4891232917D6E4346983898D087EBA0FFF3A7E09C01A4DAE405F0F42D5B2B291FD4FBA509B13431
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.d;&u.h&u.h&u.hI..h3u.hI..h(u.hI..heu.h/..h!u.h&u.hku.hI..h$u.hI..h'u.hI..h'u.hRich&u.h................PE..L.....\g...........!.....N...V...............`............................................@.............................P...<...P................................................................... ...@............`...............................text....L.......N.................. ..`.rdata...*...`...,...R..............@..@.data...@............~..............@....reloc..b...........................@..B........................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 355x304, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7379
                                                                                                                                                                      Entropy (8bit):7.675014430898698
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:Zs7nc2Efd4WLNlTSGJG8J+F1sGaPEl1M5np44DE4wA2A+fHDeGWhzrd7yf8TJWpC:ZsA2DqTRUUQMT4LxjPWhzrNyiFI5Ip
                                                                                                                                                                      MD5:6F1B5342D1B781596A4FEC79112DCB0C
                                                                                                                                                                      SHA1:08BDEDC9F65FC3A5F6D13D3EF0502769ABE4BD05
                                                                                                                                                                      SHA-256:3986699B9B4BE2F8C1747A37E74943F78870623701F08C90CAA007B4DE17924C
                                                                                                                                                                      SHA-512:FAE8A651E1DAF872A24FAE87D477F286CAD599DC232A716DBBAD7F091236DA80C71C30B990B6E2F4FF7E06D4414876DB756B452272A9A3E4B3EC1BC32B9E30D5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2862
                                                                                                                                                                      Entropy (8bit):3.160430651939096
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:QFFZ+f+zd+kHeNTM9/+Xz++++++++YWWS0i6I:QFFEw4Xc+D++++++++ypi9
                                                                                                                                                                      MD5:983358CE03817F1CA404BEFBE1E4D96A
                                                                                                                                                                      SHA1:75CE6CE80606BBB052DD35351ED95435892BAF8D
                                                                                                                                                                      SHA-256:7F0121322785C107BFDFE343E49F06C604C719BAFF849D07B6E099675D173961
                                                                                                                                                                      SHA-512:BDEE6E81A9C15AC23684C9F654D11CC0DB683774367401AA2C240D57751534B1E5A179FE4042286402B6030467DB82EEDBF0586C427FAA9B29BD5EF74B807F3E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15086
                                                                                                                                                                      Entropy (8bit):5.432735724336821
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:lN3tnZnyRZF64hc28fwy+aXE25b6K0FHQHVd42oJ2zwZlaw484:lN37Yai8IaD5T0FHQHg29wZla04
                                                                                                                                                                      MD5:3EAFE3AE99BF33E9F59D970F21EBEF39
                                                                                                                                                                      SHA1:E9895CB920FDEB8907CE37D9666D4999A1DE5D2F
                                                                                                                                                                      SHA-256:5F6C78970EE7E3D668EB8A4ACB5D251C76599424A0B0372E7665527516D4C312
                                                                                                                                                                      SHA-512:8983717D464AC046A8A272276E90D3D1FD7900D2D89998FC332E420ECA4F01FCFBABB390667B4324C549D0655E62E181E3E7BEED514C5B9B67D0F8D480A9388D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15086
                                                                                                                                                                      Entropy (8bit):5.4001074083138745
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:lN3tnFnyRZF64BiTfwy+aXE25b6K0FHQHVd4RhE2zwZlaw484:lN3XYa5TIaD5T0FHQHgRfwZla04
                                                                                                                                                                      MD5:1B5701D7F753135C22CC1AE694FFAF4B
                                                                                                                                                                      SHA1:966BDEF4159022FCC8740B6EB75B8D7AC4212504
                                                                                                                                                                      SHA-256:AEBA695175ED96D3EDE9FE30E486DF59C64A5FD802C15CB67F55E03A0537CD13
                                                                                                                                                                      SHA-512:4069B6AC1E51703687E0C17EA83527A258FF0C4BB4DC8051C96E5F98A7902C3301B89A5D2B55872711F85F528B0FB9BAEAF94E93B49B0A48BB8912E06A204EAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 2 icons, 48x48, 8 bits/pixel, 48x48, 32 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13430
                                                                                                                                                                      Entropy (8bit):4.339511276304085
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:KYvlkFEXFYU2+yCvIFA13cJ/rrrrrpbEn5UnanjPRZfZy1wvI8:bVXuzd6IF0czwNPDZfI8
                                                                                                                                                                      MD5:93D722FA20A988A5C257A58BF155DC66
                                                                                                                                                                      SHA1:30C0D19F02CB39F8804DAFE6AF483A09C76E2338
                                                                                                                                                                      SHA-256:F587867EED0BEC33EF150F3A8525BDE9B6746C705543874E56653AA80EA53225
                                                                                                                                                                      SHA-512:BFB91739AE7432DD7D0A919F15B5B721E733675C3C2A4D5238C9955A6517DD4653042FA444F2D2627508908F6DA7DE0FBF22F37CF1A60476F59CBF254F62F736
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15086
                                                                                                                                                                      Entropy (8bit):5.036354960673055
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:q4lYOUfhBJ1gqASunI8FoQaaJ+nkt0p1b+v:q4leXXArnI8FoVa4nP0
                                                                                                                                                                      MD5:235E54EB7ACEA02DC322F4065498165D
                                                                                                                                                                      SHA1:AD825997EC58A33A164B471FE3BD4B7C74614D9A
                                                                                                                                                                      SHA-256:B294EDF73CC936610CC81BCA6B95D1C7D6091595EC074C6B334ECA45D2DC354F
                                                                                                                                                                      SHA-512:5AC20371FD09E6A1F8C134FB24C045C36D835544D04E681FB6A51ADFF12A6BF8225C53D865B601EA5452024ABE7C02204A759B317D7410CF59F66ADFBE089D5C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):175328
                                                                                                                                                                      Entropy (8bit):6.879935553739908
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:jnrQnzMYywmn3h1sp7/WvCnIukR4BbxKigu/fgl1glfdjgBftJeCEEzx4N7mcr5:XQnzXtr7tbxKVuE1gQJeCEMx4p
                                                                                                                                                                      MD5:BE4ED0D3AA0B2573927A046620106B13
                                                                                                                                                                      SHA1:0B81544CD5E66A36D90A033F60A0ECE1CD3506A8
                                                                                                                                                                      SHA-256:79BF3258E03FD1ACB395DC184FBE5496DFA4B3D6A3F9F4598C5DF13422CC600D
                                                                                                                                                                      SHA-512:BD4E0447C47EEA3D457B4C0E8264C1A315EE796CF29E721E9E6B7AB396802E3CCC633488F8BEEB8D2CF42A300367F76DEDDA74174C0B687FB8A328D197132753
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 2 icons, 32x32, 16 colors, 16x16, 16 colors
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1078
                                                                                                                                                                      Entropy (8bit):2.8642269548572474
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:hEipI3VFpSyZ9I7imddddGDxxOxzma3ZmRgRtqVtipMLXwHqfM:hEigFpTz1xA6aJmRgwi6LgHcM
                                                                                                                                                                      MD5:554FF4C199562515D758C9ABFF5C2943
                                                                                                                                                                      SHA1:9E3BAB3A975E638EAD9E03731AE82FA1DBCD178C
                                                                                                                                                                      SHA-256:9AE4A96BF2A349667E844ACC1E2AC4F89361A6182268438F4D063DF3A6FC47BC
                                                                                                                                                                      SHA-512:E302EDF3DAB3A0E9EEB5AFA34E4910EE177099C017B42F86847CF972143C87E8C40BC47689A3C8845051EAB98258A392CCAF331F414C271A1B6B751F503CE221
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 6 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):22486
                                                                                                                                                                      Entropy (8bit):5.511908704029649
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16328
                                                                                                                                                                      Entropy (8bit):6.530762223829305
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 760x100, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15366
                                                                                                                                                                      Entropy (8bit):7.95557428882131
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15086
                                                                                                                                                                      Entropy (8bit):3.6742809399919576
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15086
                                                                                                                                                                      Entropy (8bit):5.656471862600903
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 760x17, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3420
                                                                                                                                                                      Entropy (8bit):7.841479572759416
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 760x505, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):26619
                                                                                                                                                                      Entropy (8bit):7.547741155491426
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 3 icons, 48x48, 16 colors, 4 bits/pixel, 48x48, 8 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):15086
                                                                                                                                                                      Entropy (8bit):4.926016576393048
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 493x312, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1232
                                                                                                                                                                      Entropy (8bit):1.290282383283862
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 446x92, components 3
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):554
                                                                                                                                                                      Entropy (8bit):2.356721207995078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:nSullBbsRllAqp/y4FKKn5bbeWfa5QpUolG5PkDt0+EtZtE//WmstN8n:3llxqQ8AfQRG5cDt0RZty/WmsY
                                                                                                                                                                      MD5:4429F170056663EFD1486395E8EB0AF6
                                                                                                                                                                      SHA1:AE9B01A44C8EE5AE7146F0523E512EE32DC284AD
                                                                                                                                                                      SHA-256:FFE2980D90152EF603555A735B7CBA1917C99BB67061B44D6AC6F12E6384BDD9
                                                                                                                                                                      SHA-512:719F4E55944502F7D472F362DD0D1D09649FBAEC0515701C9C84BBB3F32B06CC29E4A4C55022BC034CBC68C9C151A90018A926D1A08B4D5048F117950E9135E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):823240
                                                                                                                                                                      Entropy (8bit):6.404576447300874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:rTaRpuaJXUUxsdScfjP3UtMMnNfXnUCCAs0+D:rG/uaJEisdScfbUiANfXnUCCAs0+D
                                                                                                                                                                      MD5:2E25B7DC66FC65D92C998D6FB1D09EF6
                                                                                                                                                                      SHA1:719CC9C0BBE12F040E169984851E3ABEA03D9CF8
                                                                                                                                                                      SHA-256:A01FB6763B11BA0CBF9B26FC8D45E933C2A6AD313BC9B12ED41AC67BAF2AA8C2
                                                                                                                                                                      SHA-512:7D4AF029A01CE60FC0787599C031C0DBFF7069311832A5587F003EA68EF739B22C8B01832E00801B0D17C12983C4D0E7877CDE58DE371886CFB6BE5B490F4C33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563656
                                                                                                                                                                      Entropy (8bit):6.432700089523593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                                                                                      MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                                                                                      SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                                                                                      SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                                                                                      SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):949704
                                                                                                                                                                      Entropy (8bit):6.466154972117666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:sIwVz9EMURaglxM62wOR4H0kXiOfWo1OrEMBZX26PH2caU:n0OO62wOR4UkrfH1OrEMBZX26PH2caU
                                                                                                                                                                      MD5:8C98FC0407681EAC7FD69EA06DBF29EA
                                                                                                                                                                      SHA1:109C8E1BCF375F6FDCFA5B00F02E092E0678595B
                                                                                                                                                                      SHA-256:B4C7B684DDCEEC5D4A809D8A7F4B8D2CF87E5B866E0D83F389018F423295EC4E
                                                                                                                                                                      SHA-512:0A24D27B7982F314047977D4D219F53D7F4CBEDA9A2E72E4D328604E1FA183BFA670F0391CC70A5888E5C0747177B7AE5A1298E8F884FD8FD8515EA2FF9683D7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^.5.?.f.?.f.?.feM.g.?.feM.g.?.f.E.g.?.f.E.g.?.f.E.g.?.f.G.g.?.feM.g.?.feM.g.?.f.?.f.>.f.E.g.?.f.E.g.?.f.EAf.?.f.?)f.?.f.E.g.?.fRich.?.f................PE..L.....b.........."!... ............~...............................................k2....@......................... ...t............................Z...#......T....L..p...................@M.......L..@............................................text............................... ..`.rdata..D...........................@..@.data...............................@....rsrc................X..............@..@.reloc..T............^..............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563656
                                                                                                                                                                      Entropy (8bit):6.432700089523593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                                                                                      MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                                                                                      SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                                                                                      SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                                                                                      SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=.a.\.2.\.2.\.2m..3.\.2m..3.\.2.&.3.\.2.&.3.\.2.$.3.\.2.&.3.\.2m..3.\.2m..3.\.2m..3.\.2.\.2.].2.&.3.\.2.&.3.\.2.&.2.\.2.\r2.\.2.&.3.\.2Rich.\.2........PE..L......b.........."!... ............O.....................................................@.............................@...0...,....@...............v...#...P..<`...6..p...................@7.......5..@...............4............................text............................... ..`.rdata..............................@..@.data...|"..........................@....rsrc........@......................@..@.reloc..<`...P...b..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563656
                                                                                                                                                                      Entropy (8bit):6.432700089523593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                                                                                      MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                                                                                      SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                                                                                      SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                                                                                      SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=.a.\.2.\.2.\.2m..3.\.2m..3.\.2.&.3.\.2.&.3.\.2.$.3.\.2.&.3.\.2m..3.\.2m..3.\.2m..3.\.2.\.2.].2.&.3.\.2.&.3.\.2.&.2.\.2.\r2.\.2.&.3.\.2Rich.\.2........PE..L......b.........."!... ............O.....................................................@.............................@...0...,....@...............v...#...P..<`...6..p...................@7.......5..@...............4............................text............................... ..`.rdata..............................@..@.data...|"..........................@....rsrc........@......................@..@.reloc..<`...P...b..................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563656
                                                                                                                                                                      Entropy (8bit):6.432700089523593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                                                                                      MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                                                                                      SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                                                                                      SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                                                                                      SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):823240
                                                                                                                                                                      Entropy (8bit):6.404576447300874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:rTaRpuaJXUUxsdScfjP3UtMMnNfXnUCCAs0+D:rG/uaJEisdScfbUiANfXnUCCAs0+D
                                                                                                                                                                      MD5:2E25B7DC66FC65D92C998D6FB1D09EF6
                                                                                                                                                                      SHA1:719CC9C0BBE12F040E169984851E3ABEA03D9CF8
                                                                                                                                                                      SHA-256:A01FB6763B11BA0CBF9B26FC8D45E933C2A6AD313BC9B12ED41AC67BAF2AA8C2
                                                                                                                                                                      SHA-512:7D4AF029A01CE60FC0787599C031C0DBFF7069311832A5587F003EA68EF739B22C8B01832E00801B0D17C12983C4D0E7877CDE58DE371886CFB6BE5B490F4C33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):949704
                                                                                                                                                                      Entropy (8bit):6.466154972117666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:sIwVz9EMURaglxM62wOR4H0kXiOfWo1OrEMBZX26PH2caU:n0OO62wOR4UkrfH1OrEMBZX26PH2caU
                                                                                                                                                                      MD5:8C98FC0407681EAC7FD69EA06DBF29EA
                                                                                                                                                                      SHA1:109C8E1BCF375F6FDCFA5B00F02E092E0678595B
                                                                                                                                                                      SHA-256:B4C7B684DDCEEC5D4A809D8A7F4B8D2CF87E5B866E0D83F389018F423295EC4E
                                                                                                                                                                      SHA-512:0A24D27B7982F314047977D4D219F53D7F4CBEDA9A2E72E4D328604E1FA183BFA670F0391CC70A5888E5C0747177B7AE5A1298E8F884FD8FD8515EA2FF9683D7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4509696
                                                                                                                                                                      Entropy (8bit):6.100941182830929
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:jm+XAVAMPLfOyim8iTRxYUOQSfLTZZZ2y38lb7Cjn3mboy4+MT7ujWx/Tl0ng48e:CzVAwiKTOpfLTDQyaNoy787ujWx/TlR
                                                                                                                                                                      MD5:F6153E803F1533042AC7E6988237C2C3
                                                                                                                                                                      SHA1:DDA81BB8BC8CC14877C9CB9B7C664DEFD81EBB4F
                                                                                                                                                                      SHA-256:F42A771D310C762C05A5BE3DE0CFDB9BEC28D3DFCCAEF800C901F551A0DF30ED
                                                                                                                                                                      SHA-512:7AE76A4CB58A9929C09B1D6376073268622C74B1E3F0C346AFA7A7829E2EF136CCF091F58CCA28BFE83C665573C23D9DB6AF51A44275DA0CC2CF8C1306ADDBAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):83128
                                                                                                                                                                      Entropy (8bit):6.654653670108596
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:0jIdYoF2CwmzOVStYMAuNWrmaTk++ouMOczT0ud4x41xmPS:0jRoFZwmr+bDk/MOcv0G4sxm
                                                                                                                                                                      MD5:125B0F6BF378358E4F9C837FF6682D94
                                                                                                                                                                      SHA1:8715BEB626E0F4BD79A14819CC0F90B81A2E58AD
                                                                                                                                                                      SHA-256:E99EAB3C75989B519F7F828373042701329ACBD8CEADF4F3FF390F346AC76193
                                                                                                                                                                      SHA-512:B63BB6BFDA70D42472868B5A1D3951CF9B2E00A7FADB08C1F599151A1801A19F5A75CFC3ACE94C952CFD284EB261C7D6F11BE0EBBCAA701B75036D3A6B442DB2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5038592
                                                                                                                                                                      Entropy (8bit):6.043058205786219
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:vVkDvLSkqdbEsuV+ebMh8w+/H8pF/bmlEyGjWvcP1xQ+X7TqVAMPLfQyim8kznsY:2Ll+Mn0WHl9VA2ic/
                                                                                                                                                                      MD5:11F7419009AF2874C4B0E4505D185D79
                                                                                                                                                                      SHA1:451D8D0470CEDB268619BA1E7AE78ADAE0EBA692
                                                                                                                                                                      SHA-256:AC24CCE72F82C3EBBE9E7E9B80004163B9EED54D30467ECE6157EE4061BEAC95
                                                                                                                                                                      SHA-512:1EABBBFDF579A93BBB055B973AA3321FC8DC8DA1A36FDE2BA9A4D58E5751DC106A4A1BBC4AD1F425C082702D6FBB821AA1078BC5ADC6B2AD1B5CE12A68058805
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4509696
                                                                                                                                                                      Entropy (8bit):6.100941182830929
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:jm+XAVAMPLfOyim8iTRxYUOQSfLTZZZ2y38lb7Cjn3mboy4+MT7ujWx/Tl0ng48e:CzVAwiKTOpfLTDQyaNoy787ujWx/TlR
                                                                                                                                                                      MD5:F6153E803F1533042AC7E6988237C2C3
                                                                                                                                                                      SHA1:DDA81BB8BC8CC14877C9CB9B7C664DEFD81EBB4F
                                                                                                                                                                      SHA-256:F42A771D310C762C05A5BE3DE0CFDB9BEC28D3DFCCAEF800C901F551A0DF30ED
                                                                                                                                                                      SHA-512:7AE76A4CB58A9929C09B1D6376073268622C74B1E3F0C346AFA7A7829E2EF136CCF091F58CCA28BFE83C665573C23D9DB6AF51A44275DA0CC2CF8C1306ADDBAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):83128
                                                                                                                                                                      Entropy (8bit):6.654653670108596
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:0jIdYoF2CwmzOVStYMAuNWrmaTk++ouMOczT0ud4x41xmPS:0jRoFZwmr+bDk/MOcv0G4sxm
                                                                                                                                                                      MD5:125B0F6BF378358E4F9C837FF6682D94
                                                                                                                                                                      SHA1:8715BEB626E0F4BD79A14819CC0F90B81A2E58AD
                                                                                                                                                                      SHA-256:E99EAB3C75989B519F7F828373042701329ACBD8CEADF4F3FF390F346AC76193
                                                                                                                                                                      SHA-512:B63BB6BFDA70D42472868B5A1D3951CF9B2E00A7FADB08C1F599151A1801A19F5A75CFC3ACE94C952CFD284EB261C7D6F11BE0EBBCAA701B75036D3A6B442DB2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1390312
                                                                                                                                                                      Entropy (8bit):6.599443687044708
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:w4wwwwscgymwef8Z8Zzj6z1el68mUi1m/ONxdDDHNCU+3kvaBW7839l5Qafgb6L1:pwwwwscgymwefyEQ/U6/NnDDHNCTeaBf
                                                                                                                                                                      MD5:292575B19C7E7DB6F1DBC8E4D6FDFEDB
                                                                                                                                                                      SHA1:7DBCD6D0483ADB804ADE8B2D23748A3E69197A5B
                                                                                                                                                                      SHA-256:9036B502B65379D0FE2C3204D6954E2BB322427EDEEFAB85ECF8E98019CBC590
                                                                                                                                                                      SHA-512:D4AF90688D412BD497B8885E154EE428AF66119D62FAF73D90ADFFC3EEF086CF3A25B0380EC6FDC8A3D2F7C7048050EF57FCEA33229A615C5DCDA8B7022FA237
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):34
                                                                                                                                                                      Entropy (8bit):4.231009444816111
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:mKDDGMLCyLuVFOZh9n:hSKfLuVFOZz
                                                                                                                                                                      MD5:326F18673467B34662A43E1B7588C82D
                                                                                                                                                                      SHA1:A9E584530B851E014BB475FEBE51474D7E41278E
                                                                                                                                                                      SHA-256:4693C9628F2CFC8C789225B984CCEA576D665D6792B3CA265EF0B5D27127CAF2
                                                                                                                                                                      SHA-512:56B39C93DE447F73BB94F6A0EECA1E20B318CDA3CC5B5ABE14BCB0C8E6F0A066AF98D8C6DDF42A1E4B57E82747142663FAA5554E5F941E2B90C38D4C105ABC9F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:@echo off..ping -n 10 127.1 >nul..
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):57504
                                                                                                                                                                      Entropy (8bit):6.908600489842891
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:5wQ0j2HOip0EdcP2dWDWoviK2SVb41Pxc73LPxA:5VOqd+vi3Sb0xcDTx
                                                                                                                                                                      MD5:02948F19A0488CED88F4806C959EF24F
                                                                                                                                                                      SHA1:D47C1439309BEF82C1CA0A623D1CBC70C259B935
                                                                                                                                                                      SHA-256:712B2845697459CCDF6E71BAE7FF3B423254A91EB5C85B02551B2AD2A4112EE3
                                                                                                                                                                      SHA-512:681182CBB8E55C0008F4D2B6141B507F51C98050F014A66D256A5252E24F8DD2AC8559D71F0F01953830DBBF840F07C57A7E520274180B5AE35329D447AA8675
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):37024
                                                                                                                                                                      Entropy (8bit):7.054557610794306
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:dBdwySZ+f1RGV4NhzM8EJPxm5Yi3fPxWEf:dLtf1c4b41Pxo73fPx
                                                                                                                                                                      MD5:F6C740A06CF69CB38527B746C1B5C90D
                                                                                                                                                                      SHA1:6EE733F791DE76AE9B6EDA05F4514BBAC3D17749
                                                                                                                                                                      SHA-256:29B7F57469745537CABAAB229BFB9FC2084CC7BEF14EEFE734C2C3A6EBF02F48
                                                                                                                                                                      SHA-512:01FBCAB3ED927082F60F96E0EA6647540F333FD2CB85E6E108D5FD0FAF358C809098B2CC0F8C50CB8BEA37FA81AADF31D21DF3F043B91E71F5D330E1407086A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):16
                                                                                                                                                                      Entropy (8bit):2.091917186688699
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:WlWUqn:idqn
                                                                                                                                                                      MD5:EAD3D4CBA62CAD943DCA9FA88139D258
                                                                                                                                                                      SHA1:244E3C37AB41854F5B221653AC42CF26A4FAA97D
                                                                                                                                                                      SHA-256:74228703D2D0DCF060D50F1046EDB9D7273D901E50B728AFD50A4D42BE752674
                                                                                                                                                                      SHA-512:7ED4C73369A9E1C7CABABD6BB9E04674FC6E1D0C7FB40F46A129B94BFF895F9C65413A4875BBCEC91F4DDDC9B3CF7FBB344CDC87CC9E636DC6843775204F413B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ..............
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):5.761658988442702
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:ovAw66vILDbNRhbHeJh8+oXBjxJd5IyYQGSbdkDjkoebjDISVjNW8SCW0:ovAOQbSEln5IyYpamDjobj8ShSA
                                                                                                                                                                      MD5:A5DD94434C702493D4577E966134B303
                                                                                                                                                                      SHA1:6BFAEB811189C41521802A11E0836237CD169395
                                                                                                                                                                      SHA-256:A26F4219815C297C705060B77595EF76E35E9E2BEDBEB5AFB3357CDC5BA2717F
                                                                                                                                                                      SHA-512:C5A44A9D526C2D494FCDCD765BAF7A765E53838F53A65DF1D1CE4114FCB1186296A8FAEBEE4BD0A39A41C9E96AA3B3484E07D86FBD117BE7915610EB4EF5CF77
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):710888
                                                                                                                                                                      Entropy (8bit):6.630506217753263
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:6BMGnPEAEuRNz2HuiEJe0z6h5KEuEVv4D1wEM50+OD2evinKqcQUuWnI8:6BMGnPEAEyXiEw0xXD2evincvFnn
                                                                                                                                                                      MD5:FAE7D0A530279838C8A5731B086A081B
                                                                                                                                                                      SHA1:6EE61EA6E44BC43A9ED78B0D92F0DBE2C91FC48B
                                                                                                                                                                      SHA-256:EEA393BC31AE7A7DA3DBA99A60D8C3FFCCBC5B9063CC2A70111DE5A6C7113439
                                                                                                                                                                      SHA-512:E75C8592137EDD3B74B6D8388A446D5D2739559B707C9F3DB0C78E5C30312F9FCCD9BBB727B7334114E8EDCBB2418BDC3B4C00A3A634AF339C9D4156C47314B4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):310
                                                                                                                                                                      Entropy (8bit):5.218991813797138
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:ejHyaVic4subiKFNFWod/OjpFFHDhkQwY7HmXXKmJpkQwYEn0gCYEnP9FN:eF8iK9WW/OjrF4CA/cX0vXDN
                                                                                                                                                                      MD5:B3D5B8ADD818034C991FE15C13E0B055
                                                                                                                                                                      SHA1:3FBFBECC2C10DE459586B3B39D2F7CB45289C8B1
                                                                                                                                                                      SHA-256:79F8A190196CC5B79B99A07991A34B2E5AA25989FC22121B6C17B80F4772801E
                                                                                                                                                                      SHA-512:3C3E233072D9F4F94DDF2AF992339F43755DE9BC4F136BC6CC2EB1255B55C97D86495B8AF415C6880D62D8904D9E2EE61B427CA13FAB08492D4341F1D2E86E0D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <VisualElements.. BackgroundColor="#2D2D30".. ShowNameOnSquare150x150Logo="on".. ForegroundText="light".. Square150x150Logo="Assets\Blend.150x150.png".. Square70x70Logo="Assets\Blend.70x70.png" />..</Application>..
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):38
                                                                                                                                                                      Entropy (8bit):3.827554659468926
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Ol/QfkTsfIedYRXY:OlTT2dYRI
                                                                                                                                                                      MD5:F1B791B8D42F4D4B5794E254F7A86BD1
                                                                                                                                                                      SHA1:20B839C9257D51F28C7814C99922DBCD1A1EE248
                                                                                                                                                                      SHA-256:174423E75513994F0205EB2D874583D791C17A391B1DD97FBCE3CAD7E7FCAE61
                                                                                                                                                                      SHA-512:924CA93F18CB19C2F138E9DCFA21C0E90473EC2FFBAA3AC208A26ED9944FB0FCAEDFCCAC7138A5A825EED3B4FB033653BEE4BC2F79CD9D5084156A0D9D685407
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:{491EB955-8A31-4381-BA1F-FDA4C60415A4}
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:COM executable for DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129008
                                                                                                                                                                      Entropy (8bit):7.827316426792684
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:vRZzFCwH6WrKxTtcZaUMueR2ZGCApbu7n31bsj9y:pZBC66WrKDcMxR24rpbu71g
                                                                                                                                                                      MD5:D76420DC56BE74361FF5053D87A752A7
                                                                                                                                                                      SHA1:E4E95C6D322FA5007F045F969A507A79DBA24A18
                                                                                                                                                                      SHA-256:CAA76B91F5ED0D10ADD3F757B7412822795013547AB286906D9F3740C0501A32
                                                                                                                                                                      SHA-512:C96654CB012F883037DC11478256779A4859C1A8D158D53430CE83040BAA327F0B060D52A6B8C7832F6497D3F7FABEF47EB4E33C841CBB90EA5373D7263398CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:........@...............................................!..L.!This program cannot be run in DOS mode....$........\..I=.I=.I=.2!.H=..2..K=..!.K=.&".K=..".K=..2..R=.I=..=.....=.I=.H=..".J=.RichI=.........PE..L.....*g............................0.............@.................................................................................................................................................................................................UPX0....................................UPX1................................@...UPX2................................@..............................................................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.....D;..t.f8k..$...
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Generic INItialization configuration [Userddress]
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):313
                                                                                                                                                                      Entropy (8bit):5.67841607960707
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:OZPixNiKRSVWTQlY2LXmwPxhb4eR8iiLrAmXOtAvHPzT3U6g:OZaRRXQNLXmwPxhb4e7iLkmXOtqL72
                                                                                                                                                                      MD5:5DB5802855390316509312EA98913E3F
                                                                                                                                                                      SHA1:941E2FB957A5160AAD5BCBB69D4D8EEB1E679679
                                                                                                                                                                      SHA-256:16BA11467408450A06C599D7AFC8D3FF383EF6FC06E0FAF028CC71DCF71EB980
                                                                                                                                                                      SHA-512:B048090B41CE724D3F09BA82B70606F553658990F007BDB93BE41D0178DA81B210956D815EDE31319C35E86EF74CC5B0DCA69F113D066B16745DE6B7583C3E98
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[Data]..Type=UMnwio9zv2FqxxUVMR0jWJnXhzGyjuwdGhyjE7NmuwPzPTn2oWYbUgHhroi6QH..[Userddress]..Data=ya4feBPz9quDWubPmy1BrWBrJ2epxBFxdZ2u51ne4Q6dcjTemYgPRQMGN5akXwRqkmPKRMc5ptX1Mccd9HRaBLKEd0AntxumwTZx..[DataTransform_CreateZlibCompressor]..Dictionary_Rekey=A.exe..[ctrl]..ctr=SearchRun.exe..[Desktop]..Desktop=rar.exe
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12840
                                                                                                                                                                      Entropy (8bit):7.986702439437666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:/ZrfidU1vKpUcMlqiP66dS2qu9wl2apxWama5IWmciIplqLngTmfqDnoKax5eq3m:Jfim1C4lqiP1dxWZZGciI62oROzl
                                                                                                                                                                      MD5:11F506F266C236A58D62D0F466A537AD
                                                                                                                                                                      SHA1:F948F8013782A3AA3F5D7BCAD62E8CC63146007C
                                                                                                                                                                      SHA-256:958BF016A726EDF619062E3C56CE54E6E46C9982912EB92081A2B91B2B5E50B0
                                                                                                                                                                      SHA-512:5E5C636D05B8D4B3F880243B001FF8CB32EC1883D86F55F78CA65CD92BA3B9BF52A84BB75CA9F98FFA423ECF683EFA22F2B584FE0B9B6C104A7EE1C145B81634
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):174304
                                                                                                                                                                      Entropy (8bit):6.858552596804119
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:Q0HJ5wo1/MJjozYJimE2BamDKigu/fgl1glfdjgBftJeCE5vLEnM7QrRz:/J5wUmhkmDKVuE1gQJeCERLG1F
                                                                                                                                                                      MD5:0D318144BD23BA1A72CC06FE19CB3F0C
                                                                                                                                                                      SHA1:91A270D8E872EA2A185309CA9CE5D9F08047809E
                                                                                                                                                                      SHA-256:60503684F39425C5505805A282EB010ECB8148BBF7EFE9BBA9CF33C507AF7F3A
                                                                                                                                                                      SHA-512:A3F3C7D84644B13868AC324947C2D678620E341E368B781D45F244A53F448D6B24BE7B50AC9908728DFBBB74214FCB46902137910E907F14F601518C0EFD215B
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........k.A...A...A...,...H...,...;...,...Y...z...S...z...S...z...d...,...D...A...........C.......@...A...@.......@...RichA...........PE..L...V.]d.............................#............@.................................Z.....@.................................48..<....p..0............`...H...........*..T............................+..@...............$............................text............................... ..`.rdata...^.......`..................@..@.data........@.......2..............@....gfids.......`.......<..............@..@.rsrc...0....p.......>..............@..@.reloc...............P..............@..B................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (342), with CRLF, CR line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8108
                                                                                                                                                                      Entropy (8bit):4.965236708426262
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:MuZUkwsSwZhuV3wM3DwuMu93wv3Dwui4Cya:MuZUkwsSwZhuV3wM3DwuMu93wv3Dwui/
                                                                                                                                                                      MD5:A77B71F6E5FE1F50065AC8A15796AFEB
                                                                                                                                                                      SHA1:80A83A247FFD47529419873B32E02852B75D47AF
                                                                                                                                                                      SHA-256:D02D5181E13AA96B67AB75F51C03AB1F1286F7A28FD92ACA3021E4E694A4E2E8
                                                                                                                                                                      SHA-512:E5502B347C545C4460ABDA78242B238D83AB4645F0495D933B4C419CB4872520915E13C8A6F5137B260B000C690145A8139A7FF47286BC9875531F74167B50A8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8"?>... Generated by WBEM Solutions, Inc. SDKPro 3.0.0-->...<xs:schema xmlns:cim="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:class="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData">...<xs:import namespace="http://schemas.dmtf.org/wbem/wscim/1/common" schemaLocation="common.xsd"/>...<xs:element name="ResourceType" nillable="true">...<xs:complexType>...<xs:simpleContent>...<xs:restriction base="cim:cimAnySimpleType">...<xs:simpleType>...<xs:union>...<xs:simpleType>...<xs:restriction base="xs:unsignedShort">...<xs:enumeration value="1"/>...<xs:enumeration value="2"/>...<xs:enumeration value="3"/>...<xs:enumeration value="4"/>...<xs:enumeration value="5"/>...<xs:enumeration value="6"/>...<xs:enumeration value="7"/>...<xs:enumeration val
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with very long lines (332), with CRLF, CR line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5951
                                                                                                                                                                      Entropy (8bit):4.95379352101584
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:IHpusmyEYtpusmyEcpusmyEf6dEvrgeUKMvLm0n/:4usm0zusm+usmLtVUKmLma
                                                                                                                                                                      MD5:8737313A1CD47D1BD415F4CD7C8D5A35
                                                                                                                                                                      SHA1:C3FE8ED373DD8807DC56B8ACD807A01163BA1945
                                                                                                                                                                      SHA-256:190C096159A5286655707E1141EEFFCE86484AC48DE4F54CBA4CD44C59868CDB
                                                                                                                                                                      SHA-512:C3090FC492DC1C875715B1A82906F7466CA63AE5BDFAB0A7730DBEDAAF622ED7FC5471D9F036813D423C33CDB4CC80BA9A8AFCC8387E365FDB7148B84BF2BB8B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8"?>... Generated by WBEM Solutions, Inc. SDKPro 3.0.0-->...<xs:schema xmlns:cim="http://schemas.dmtf.org/wbem/wscim/1/common" xmlns:class="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_VirtualSystemSettingData">...<xs:import namespace="http://schemas.dmtf.org/wbem/wscim/1/common" schemaLocation="common.xsd"/>...<xs:element name="VirtualSystemIdentifier" nillable="true" type="cim:cimString"/>...<xs:element name="VirtualSystemType" nillable="true" type="cim:cimString"/>...<xs:element name="Notes" nillable="true" type="cim:cimString"/>...<xs:element name="CreationTime" nillable="true" type="cim:cimDateTime"/>...<xs:element name="ConfigurationID" nillable="true" type="cim:cimString"/>...<xs:element name="ConfigurationDataRoot" nillable="true" type="cim:cimString"/>...<xs:elem
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):144872
                                                                                                                                                                      Entropy (8bit):6.1033991888043255
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:Poib/ncfh8z2geq5CpLFuAzpXDGX12HBt:zb/6RpugpY2HBt
                                                                                                                                                                      MD5:D0C679D73048A8AF8C5F483BDBCAF0A2
                                                                                                                                                                      SHA1:6AFEBA5B8C5A390B2A487590A5EE7E10ABFEFE6F
                                                                                                                                                                      SHA-256:952451312864D1CF98C137EF6B5048F325325CC1237B1D1DB26819839ED7FC27
                                                                                                                                                                      SHA-512:BCFF13C8FD3B01AA5F8BA54D91ACE7E74EF5A370808B517471271FE39318938DECAFE5A40D26A94D46D3DBB2E5EB152209828269EC86B210B04C3C13B13DA23F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'.I.Fz..Fz..Fz.+...Fz.+...Fz.+...Fz...~..Fz...y..Fz......Fz..>...Fz..F{..Fz../s..Fz../...Fz..F...Fz../x..Fz.Rich.Fz.........................PE..L...N.;^.....................<....................@.......................... ............@.................................T...P....@..................PC..............p...........................0...@............................................text............................... ..`.rdata...\.......^..................@..@.data...L.... ......................@....rsrc........@......................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6264
                                                                                                                                                                      Entropy (8bit):4.246298126375936
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Pf3v3vP3X3P3PPnHnPXvHf/H3PnXnPfnPHnvfP//PHffH3H/v3PnfHXP3vP/P3Pr:b
                                                                                                                                                                      MD5:DDDAB64301999870824A2CC0E358689B
                                                                                                                                                                      SHA1:664263BF0641B55AF72EFBB6A9AB91AC77673D54
                                                                                                                                                                      SHA-256:DAAA8FC859B10444E218800FC15E2E7560EBF59E269BB58DD8D82C9305F73C6E
                                                                                                                                                                      SHA-512:DABA1DC82031056430E0150DAD18B43BB3D4A6AFD67E802BC7F867D274E1221F5BB9C12EA3213148FB6114FB79559C86E141C75D828ADC11F7C4372E70072827
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):311
                                                                                                                                                                      Entropy (8bit):5.363090655038483
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:EGLzVYRFoUgLhHx0iFolaXM+MA3GtfX2SMOFrNNRJhl//bB9bPL9RbtBnbPZrVTF:EGLzWF65x0mq3kJO9NX
                                                                                                                                                                      MD5:433000AA79D90F93C87E11F86A786F67
                                                                                                                                                                      SHA1:A1B8B8F69884A4CE9BB433D96ACBED3337C5AE5E
                                                                                                                                                                      SHA-256:08E569EEABC5D4082F4A59142F22534FF57F12F991CD4E1A36811511799EF109
                                                                                                                                                                      SHA-512:DB752A2D65D8F276D6225A7C478EB1674EE3B0829CA57272A54D55C1C9E25A9E9DDD93699E41D6CF53E36313C8DDF4C0C034EDAC765139124620F0E5FFA99E8D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:libcodecs is part of the "Huorong eXtendible Stream Scan Engine" project copyright by Beijing Huorong Network Technology Co.,
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):294
                                                                                                                                                                      Entropy (8bit):5.406360206907183
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:EBjMWEXRFoUgLhHx0iFolaXM+MA3GtfX2SMOFrFjJ//bB9bPL9RbtXhbZrVTl/9z:EJuF65x0mq3kJO9/
                                                                                                                                                                      MD5:5E48AE384DD6874C64E8129FAA0F4D1F
                                                                                                                                                                      SHA1:9A7A273EC1E97FA80304A51A5874E2C40E68D993
                                                                                                                                                                      SHA-256:4CA63968FCBE57FE9A9079DBEA85375B6129ABFF45CFB42E24A7F1DDF044943A
                                                                                                                                                                      SHA-512:20552DEBAAACF783BB128EB2A619125507921E9E3971EE43EA9613F681FBFD3BA711CD774E1DB9EDD7B56C36D1181DD42D8BB73C0AAE0CA3BEFA20E0B482BC17
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:libdt is part of the "Huorong eXtendible Stream Scan Engine" project copyright by Beijing Huorong Network Technology Co., Ltd.....:6..,...4&4<.46.."64....4..4.$.. 2...4.pbT.p4"4.<&.^.:&,8.f,84".4...4.., ".......V.4.2.&&.. ..84.8 64. 2.&,:6..,.." .. ".p,.n.:..........0,...:.8 $..<.6....",8 ."..
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):376
                                                                                                                                                                      Entropy (8bit):5.187860451409661
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBd6OjzIIBeBXVL9obRu9Td8gH9aO/5TMiX1+jSQdS1vwIgVf+ZaYf7:TMHdt4IBeBFLOwHR5TNl+rmxgVKaq7
                                                                                                                                                                      MD5:0BC6649277383985213AE31DBF1F031C
                                                                                                                                                                      SHA1:7095F33DD568291D75284F1F8E48C45C14974588
                                                                                                                                                                      SHA-256:C06FA0F404DF8B4BB365D864E613A151D0F86DEEF03E86019A068ED89FD05158
                                                                                                                                                                      SHA-512:6CB2008B46EFEF5AF8DD2B2EFCF203917A6738354A9A925B9593406192E635C84C6D0BEA5D68BDE324C421D2EBA79B891538F6F2F2514846B9DB70C312421D06
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>. Copyright . 1981-2001 Microsoft Corporation -->.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable/>. <assemblyIdentity. .type="win32"..name="Microsoft.VC80.ATL"..version="8.0.50727.4053"..processorArchitecture="x86". />. <file name="ipaip1.exe"/>.</assembly>.
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):314
                                                                                                                                                                      Entropy (8bit):5.140999301390513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:JiMVBd6OjzPbRu9Td8gH9bZELrbvm/53SMiX6+hPABdS1FggVfgk5Z:MMHdtlwHHJ53SNK+hPIRgVR5Z
                                                                                                                                                                      MD5:710C54C37D7EC902A5D3CDD5A4CF6AB5
                                                                                                                                                                      SHA1:9E291D80A8707C81E644354A1E378AECA295D4C7
                                                                                                                                                                      SHA-256:EF893CB48C0EBE25465FBC05C055A42554452139B4EC78E25EC43237D0B53F80
                                                                                                                                                                      SHA-512:4D2EC03FF54A3BF129FB762FC64A910D0E104CD826ACD4AB84ED191E6CC6A0FEC3627E494C44D91B09FEBA5539AD7725F18158755D6B0016A50DE9D29891C7E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable></noInheritable>. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86"></assemblyIdentity>.</assembly>
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6812
                                                                                                                                                                      Entropy (8bit):4.737569607251046
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:z6H9K9r24/jtVOuVG/PCGHhWrrIafb7fL5qlz+DLSQ7LXOgF:VNtLz/Y3xB6rPPlyz+Dt
                                                                                                                                                                      MD5:D7216C4C115C30D3DC996F339C2197E2
                                                                                                                                                                      SHA1:9C90B140316FFB6AF090BD80DF40EA744D555B11
                                                                                                                                                                      SHA-256:946C1E2C50EA753E2CF3F40CB4A83C319E0D5693C3B017AD3F9811792319D2EE
                                                                                                                                                                      SHA-512:9A0F133B8517B86A29AAA0F541573842A4B76D6DE30C1167D4EEB2F08D0568CE94ABC81341049BFA328D85DFDC8D8B74177B9A896107C2438168EA4EA5B47FC6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="utf-8" ?>.... DMTF Document number: DSP8004 -->.. Status: Final -->.. Copyright . 2007 Distributed Management Task Force, Inc. (DMTF). All rights reserved. -->....<xs:schema targetNamespace="http://schemas.dmtf.org/wbem/wscim/1/common".. xmlns:cim="http://schemas.dmtf.org/wbem/wscim/1/common".. xmlns:xs="http://www.w3.org/2001/XMLSchema".. elementFormDefault="qualified">.... The following are runtime attribute definitions -->.. <xs:attribute name="Key" type="xs:boolean"/> .... <xs:attribute name="Version" type="xs:string"/> ...... The following section defines the extended WS-CIM datatypes -->.. <xs:complexType name="cimDateTime">.. <xs:choice>.. <xs:element name="CIM_DateTime" type="xs:string" nillable="true"/>.. <xs:element name="Interval" type="xs:duration"/>.. <xs:element name="Date" type="xs:date" />.. <xs:element name="Time" type="xs:time" />.. <xs:el
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8544
                                                                                                                                                                      Entropy (8bit):4.277108053686666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:WvI+bMk4g+7rdT2sc4EtGXQgcWh8bvPgLIjJQ9tkTjIkja4tEDIzqIrpKaF13aSy:Wv9oq6rdT2T4EtGXdF8jPgLIjJut2Ik0
                                                                                                                                                                      MD5:E34E94531BAF8957EBDFB5ECCDC52635
                                                                                                                                                                      SHA1:D7139BDF34F6F167456014D4D5E16CFDFCC18214
                                                                                                                                                                      SHA-256:5AF2CC87FE9FA69DA65C990070EE17AF3F612E3883621BD2474161BB508E454F
                                                                                                                                                                      SHA-512:CF3F4BCF0F5DC35BFC77594FD8AD4E9C6BF32291DAE2298C84B3A465EDB4B75851C0A58F39BB6828EA69E31293E5A4DA5DAA29F4B3F31306F37941491992FC58
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4256
                                                                                                                                                                      Entropy (8bit):5.476332948782519
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:nizQz4KzjHCKvMzSBvdI0s4TkqZfDhPhbdAQv7Dg3M3Y2UUzgJJC+Mo1tMoIJcAO:i8z4KPnM+JdLsY5xDhYrhRjaBVI7vr
                                                                                                                                                                      MD5:7CD82242FDDA155F0DC4C830A73225C4
                                                                                                                                                                      SHA1:436A156C8016B96B83B11931FF9562F29D805977
                                                                                                                                                                      SHA-256:0096FD57392462D010E9B4DDDA4D021A8B5E5BA78FF097958C1E7A00EC175A2B
                                                                                                                                                                      SHA-512:2C5133E3673D8470AF6067AF2E5B7D2150B71D3D87379CD94574F72E3CA2B251C08C7F7F530F705CB2EDD8D96263BA9A205346B5704238FC748180235C6809EE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4734
                                                                                                                                                                      Entropy (8bit):5.650888808404625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:+AA8bFIK4pwdJj/JqLn5yEnxSabw7rMVrCtZcqRcU+EFUkozbFFJOHVOrS:FAmkp4JjJqLnoxscZcqRcnEmko/FPO13
                                                                                                                                                                      MD5:8C5F95F081F6A23A2D058562A24224FC
                                                                                                                                                                      SHA1:0D8E3138654B66998341B1B4D07CB6E0CCF56DA3
                                                                                                                                                                      SHA-256:2288098F91E90D5F5583A42ACDB4D278A8438656A190EBC57FCC034FA0110054
                                                                                                                                                                      SHA-512:4D4A183A07B4014848DD5B50F520BA43ACDB37C8A2E280E32CC080A6FCDE8EE5D758CD0ED71A104E6FFDF3566BAE08A1141D666E0951344D98F802C9381875B0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12800
                                                                                                                                                                      Entropy (8bit):7.307434278749024
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:azbge2/99IpWUFyCKaMgXGT/bl55oqyfvN:azb619IpWUFyQiB55aH
                                                                                                                                                                      MD5:E057AA4A56A9A2A628A8053F25A27D7D
                                                                                                                                                                      SHA1:D839E5258BBDB871C746C2CEF52E336487535C47
                                                                                                                                                                      SHA-256:2519081ECA56FADCF3B62E7CB22E55A1F839B9055E9F1E404FC28145D149E913
                                                                                                                                                                      SHA-512:D968AA76B1483A14B7D829C755A99C7AD09163D18DA6806F23B3A33664292F16A4695B596B0D2BE619A3B6DC909CFCB8CB7FF236641D1CC012E4F438364945E7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.3431390622295662
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:dU6mWhRE4Qm5In:vmWhlQ6In
                                                                                                                                                                      MD5:233B4AAF620B36D5569FFB334806A663
                                                                                                                                                                      SHA1:99E4C2ED4447B3CA2772F11374E7EC22DF06A04B
                                                                                                                                                                      SHA-256:C0F5633F8058E6CF0FEF5CE6AB91438663A1AE2670CB49350E095D8F667C9870
                                                                                                                                                                      SHA-512:24F4006DA19AE7B10408250AB326DB4EABE6E782BECCE130C0F25D2D0E43E738624CFD490BFAC0A8A6BD6E164C01FB76CD69BC050AD0BBF3052A854A516B0170
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:47AE4CA89C38F4D75F115CF41887F878
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2
                                                                                                                                                                      Entropy (8bit):1.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Qn:Qn
                                                                                                                                                                      MD5:F3B25701FE362EC84616A93A45CE9998
                                                                                                                                                                      SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                                                                                                                                                      SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                                                                                                                                                      SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with very long lines (766), with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):766
                                                                                                                                                                      Entropy (8bit):4.058458203323675
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Hf3xVxLvT5X9dz7bvfdz7JvV7zVBtD33pRXhXDhRZDR7z9fjdzp93xh/Td7f11tx:v
                                                                                                                                                                      MD5:5E41AD36487EAB944983A14C9C124D93
                                                                                                                                                                      SHA1:B8B098B88CBFF2F64589ABDBE7FBEFCA7C99FE3C
                                                                                                                                                                      SHA-256:26C6BCF0EFF67807AEB9F2F407D06DF653B99724AFAD9C9A9B8129DB7D8C3FAE
                                                                                                                                                                      SHA-512:F876BD1E49BB0C0B0660E14DD2D95C75F2124AFDE00D095674E53D0440B7BA7B89BC1A2576A9FE755B5C727E5808DB1C8A127CE4E4B2C124257412B76A200FD2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):972
                                                                                                                                                                      Entropy (8bit):5.7488500702321135
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Fjjlnn5tllNTFllxXxjX/DNZH1/HnDD/trvDlL5TrjJrdbXZVtX5L3dlj1b1hX7x:r
                                                                                                                                                                      MD5:6513F31AB6F308B0B8802FA04C450122
                                                                                                                                                                      SHA1:AD3D14C5F78B5C2F2C4DAE06A486156A7B4126E9
                                                                                                                                                                      SHA-256:1445C8422A8FF14D8414300B819CBF2340A03A64158FCF7A3CCF76FDDB10DCA2
                                                                                                                                                                      SHA-512:CFB2754253E71B48EB6D69BA93641D06C0608C38FFFDCE2F5E54CED002997C9821299BADF26D95B2D84A41F13CA96A4F9D1C5E38D52DB2934AEF64C988844D98
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2356
                                                                                                                                                                      Entropy (8bit):3.7394907365919403
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:nFrrxzj79bNZbHNbZdT9LbdHr/bfblpbdXzbrbrVd9P7XF5V3Rbb/NjbdbF9X1TH:R
                                                                                                                                                                      MD5:3CEEBAAA7FC6344B0274AB9274DEEED7
                                                                                                                                                                      SHA1:38832454403400441F9824C2265256A650C947ED
                                                                                                                                                                      SHA-256:F526024533673E6F167903F21978017EC712566E9EA1DD249671F119719F8DE9
                                                                                                                                                                      SHA-512:3E63A0F5764A59E77E5B0C4680DCCB33D1D52B4E622F84762D9949B736A6BDAB416BC72F3D2501BA90D46414186EC2C42677D1528E7186128D96082C32CB00D2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                                                                      SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                                                                      SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                                                                      SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9123
                                                                                                                                                                      Entropy (8bit):4.770624688403829
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:FavQwyIregmSPwTy2k/3EeEQ6xGbd81PyCmD0DE:UvQwytg1425vE5bPEADE
                                                                                                                                                                      MD5:9FE2776E8A9D4BCFEE812A69F37DDABD
                                                                                                                                                                      SHA1:6264C527A996806B0C439F17C56B2E96DBF0FA82
                                                                                                                                                                      SHA-256:0BCA167A1B2FAABF9F2BB59A7C55C09B25C71974DB4D6125F91A14B7071F5E9C
                                                                                                                                                                      SHA-512:89D00A7602FC47858A0B0ADC81CDF4F63CBA0728EDA0B9824EA9DCC09B39A596A61034DA5001377444D6B6E07B454028DF528E722F5D2D268A50B296E2990259
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version='1.0'?>..<?xml-stylesheet href="../2008/09/xsd.xsl" type="text/xsl"?>..<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" .. xmlns:xs="http://www.w3.org/2001/XMLSchema" .. xmlns ="http://www.w3.org/1999/xhtml".. xml:lang="en">.... <xs:annotation>.. <xs:documentation>.. <div>.. <h1>About the XML namespace</h1>.... <div class="bodytext">.. <p>.. This schema document describes the XML namespace, in a form.. suitable for import by other schema documents... </p>.. <p>.. See <a href="http://www.w3.org/XML/1998/namespace.html">.. http://www.w3.org/XML/1998/namespace.html</a> and.. <a href="http://www.w3.org/TR/REC-xml">.. http://www.w3.org/TR/REC-xml</a> for information .. about this namespace... </p>.. <p>.. Note that local names in this namespace are intended to be.. defined only by the World Wide Web Consortium or its subgroups... The names currently defined in this namespace ar
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1020288
                                                                                                                                                                      Entropy (8bit):6.392670889032173
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:m25q2rSATcolN/NKEM7GYNzOgcW6tAhc7rgnFEwXXfe5V2:m25q2rPlN/NKEhYNzOgcW6tAhy6EwXXb
                                                                                                                                                                      MD5:C87054BA4A83C6CA19977C446A722A7C
                                                                                                                                                                      SHA1:5743B16BC6D600E27B66D13CC04208BAE2A9A880
                                                                                                                                                                      SHA-256:6CB166C1895FC7DF5235658E3963C82200BBE5E71005FDB4F8744657A7F49B09
                                                                                                                                                                      SHA-512:87449A5FEF2B2B77198E0D946452F8E05B8F2B7ABAE239EDB2B848BD5E3F7A332A208DE71CAC7912D788CD1C47F80FA2BE9ED61DE2F8EA378E610A1DC0C46A9A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):287616
                                                                                                                                                                      Entropy (8bit):6.429805120462574
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:54s5ND8mRd6PUep7GdwmT+8b/IgcyIFoWIBOtBp2HsoM:5D5ND8mRd6PUep7GwmT+c/hOIg2Mp
                                                                                                                                                                      MD5:F260AF60120ECE46C499BADA5B4277AD
                                                                                                                                                                      SHA1:F1790AAC72B10A4BD4D88E9A143B96BE996197AC
                                                                                                                                                                      SHA-256:D52D01E382EA39D005F7AD2F3C13DA45B4DE4779608E08A9FB1AD5630D122043
                                                                                                                                                                      SHA-512:19FA19716965E0034AD57B0CE15BFF54DEC67D3C7E73408ACEC2E642E82DE4AC1E0C42E19CA58C494A1F95014980FDBDC9D904701F2CB421C993B9660F3C5C89
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):306048
                                                                                                                                                                      Entropy (8bit):6.678408876122077
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:YxgkPaSM1AoCbO0PSyTws4H9pAKz6QRWO2TBdHRrtYOttYO7l:YDPaUBKODmH9pdXRWO2TR/
                                                                                                                                                                      MD5:2E63EA70505847A7DB340F5004FDDE71
                                                                                                                                                                      SHA1:A4DA7AFF18A9A747490633F5490959BAF75658B7
                                                                                                                                                                      SHA-256:87AAB5BBBD2360C819B4E58BB0667693147764BA39FCDCBD3549ECA1D57355E3
                                                                                                                                                                      SHA-512:7DF80C017E2F5D1E40CB41795F40E82025B5ED188BD5AF4C812D24F9E8C77438C259417E8592C4D528D37DA495815A057623CCFA67DF35B27980847DBA91AEF5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):73088
                                                                                                                                                                      Entropy (8bit):6.419370395015747
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:OD24dyONDcOUOM498ldXs2xnQ+xcLP0OK2LBaNwF:X4kOO498laIQ+xcoOK2LBaNwF
                                                                                                                                                                      MD5:15F1FEC47E3AC4A2AE67BDE110CA698C
                                                                                                                                                                      SHA1:84EA58DEA72D9FE5B36ED64BEF2C19A43DF90EC1
                                                                                                                                                                      SHA-256:003D0E9F37639687CD72F8499743F88B54388A81E4322260280A70C0E601AE21
                                                                                                                                                                      SHA-512:C42E8F04FBFCE139D8365CC69CC161469FBB5443A2ACD9CCBBC584F85B04ABE2DFDDCAD1D53ECFB2AB54EBF004F5F10B730A2E677BBABFAD56400BEA7371AEEC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                      Entropy (8bit):1.584962500721156
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:I:I
                                                                                                                                                                      MD5:C2AEE86157B4A40B78132F1E71A9E6F1
                                                                                                                                                                      SHA1:162CDC2A8B567050EAE25592EEEDAF33464A7A76
                                                                                                                                                                      SHA-256:46DB1CA7F3598C26C3E6C8D99E3ED95D2B1C76DB040B8F8CD29AF723EE086077
                                                                                                                                                                      SHA-512:784CC010C961A58B42984A4EC538D299AB92C01CB95171C220FD26C473491F839FD032960DC148C866DA45411D4ACB93188F0F7857F6F2C09DDF3E9FF50248DB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:892
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                      Entropy (8bit):1.584962500721156
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:U:U
                                                                                                                                                                      MD5:43FA7F58B7EAC7AC872209342E62E8F1
                                                                                                                                                                      SHA1:F022DA4E40566305C0C8F39FD8F4B83DD5368834
                                                                                                                                                                      SHA-256:96BB293AAA330EF307EE004448B92B75FFDC25ADE2831ED23FC60FFA97FFFB7F
                                                                                                                                                                      SHA-512:64B5514668BDBE6ABE7F86ABD790005F46D593D8E3EFB785C87DD8BA9035B8BC5FC72001DA81883391B690A5191057062EE711401C3E95C1935A3D3FFED138FE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:816
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                      Entropy (8bit):1.584962500721156
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:kQn:kQn
                                                                                                                                                                      MD5:82F2B308C3B01637C607CE05F52A2FED
                                                                                                                                                                      SHA1:75D2A5A3C528920D00425F29099EED114B9134E0
                                                                                                                                                                      SHA-256:5C3E9040008C91509E2D28E5308034B677D4E2CC0B386863D4883BDB747EBA1C
                                                                                                                                                                      SHA-512:91CCE11EEDA35FD527AC3DDBB930281FCB14AF0EE46412D7A389B59AEA3F8D56F3D46E2EC3BE167406AC4D8FBBD4F7C1246C8F1E30384FDC913703A48D36E4BD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:725
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14
                                                                                                                                                                      Entropy (8bit):2.7534343861887853
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:ldNojgn:3NoEn
                                                                                                                                                                      MD5:5224444F84FC62353F98AD824C1B4F7F
                                                                                                                                                                      SHA1:9BC379C9B01210F9AC136B87039584FEBFD8465A
                                                                                                                                                                      SHA-256:F47FFEC6EA87BE558D26F9585C02E06A1B657959E4FA1A0EBEB883504BE2EFD4
                                                                                                                                                                      SHA-512:387BDACC1827D046D28AE73352E6D85DB018B06F70146952AB92EA004CD46F8154F5BB9153F17DADB5F6CB20CF6352AB6D1D4B1866076F97427D26F11C9D1FA0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:+/.4"(4++)4+)#
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):9
                                                                                                                                                                      Entropy (8bit):2.197159723424149
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:1Z:1Z
                                                                                                                                                                      MD5:0D7C1D8AE080978B8436817C87C11684
                                                                                                                                                                      SHA1:C83087520942084476EF74151BF451A0557993DE
                                                                                                                                                                      SHA-256:53D24F3BC80C44785C7645F347A17942B607CAA451FC2337F458EA0A73F920AD
                                                                                                                                                                      SHA-512:8605C26C90441DFC7DEE0C5816DF5DDCEF42D4A02DE7D819936A60C10A57191AD67F0B95F23FE8CE085EF5F156FBBC57303B44A995AB13B2B8CC941AAB73FEFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.cf......
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5
                                                                                                                                                                      Entropy (8bit):2.321928094887362
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:K:K
                                                                                                                                                                      MD5:49394C8AF72820A1AEB5C9924E2D9281
                                                                                                                                                                      SHA1:9F09DA9131EE0047BC4E368ECFF439F0F5E250BF
                                                                                                                                                                      SHA-256:631102D19F7CFA51907975CF02066DE70C2F4B5B6A4E3A7F9C4871719DC2A97E
                                                                                                                                                                      SHA-512:A3D662166699AC8784C01E0B7EF5D8F7716136B87EE0CB9FFBF5F45F730B8470E7ED57A90956E1F0FA4F4DE5C5C60960AF8622493EBCC88B2A0929FE798BAD60
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:,)-*+
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                      Entropy (8bit):0.9182958340544896
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:tH:1
                                                                                                                                                                      MD5:E62595EE98B585153DAC87CE1AB69C3C
                                                                                                                                                                      SHA1:40B904FD8852297DAEAEB426B1BCA46FD2454AA3
                                                                                                                                                                      SHA-256:38760EABB666E8E61EE628A17C4090CC50728E095FF24218119D51BD22475363
                                                                                                                                                                      SHA-512:84387A560C74CD17A3E1D618181BD7734CACDB1D7B5A52EDF20FBB27C4FEFE25BD4F839C12E842C61CCD57308FD6A6B3987DC237ACCD213B9818D751C3990C10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:aab
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                      Entropy (8bit):0.9182958340544896
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:tH:1
                                                                                                                                                                      MD5:E62595EE98B585153DAC87CE1AB69C3C
                                                                                                                                                                      SHA1:40B904FD8852297DAEAEB426B1BCA46FD2454AA3
                                                                                                                                                                      SHA-256:38760EABB666E8E61EE628A17C4090CC50728E095FF24218119D51BD22475363
                                                                                                                                                                      SHA-512:84387A560C74CD17A3E1D618181BD7734CACDB1D7B5A52EDF20FBB27C4FEFE25BD4F839C12E842C61CCD57308FD6A6B3987DC237ACCD213B9818D751C3990C10
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:aab
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):13
                                                                                                                                                                      Entropy (8bit):3.0269868333592873
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:q1vC:q1vC
                                                                                                                                                                      MD5:213802ED7972AEAFE6237FA1453F1FD0
                                                                                                                                                                      SHA1:794A4B01CD429D110180DAA19204A098C42F11E6
                                                                                                                                                                      SHA-256:398380CF3867FE7C45A44E02C5542299346B631E627DB931B1FB4C8BE82C58E7
                                                                                                                                                                      SHA-512:FE6CFC85A06969389B3AE345C566AFEE7F55F011425070B9AD6342F474266A440EFBA98EA8181DF1AE24A3C617E6CF2A3C916740198F3FEB1B70B5B403A537CA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:af.cbe.a`..`g
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):67184
                                                                                                                                                                      Entropy (8bit):6.560571950422605
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:mE8Ush0dMK0vVZdisbH8iBRq8aZ+LhN3r22t19zS4Kye8pOxbGew2MSPDGjENAMb:mE8tSiKlqcHFChNbj19znKy92bGjwx9
                                                                                                                                                                      MD5:D9E742CB7C33C378602A144904756845
                                                                                                                                                                      SHA1:6E9C521A8E657FC8B46312AD79C1C7CE08C10766
                                                                                                                                                                      SHA-256:29626F619DB47C528EB910C15CDF2D139B512024331DAC91E7C562DF4FF297D8
                                                                                                                                                                      SHA-512:4474909CEE6BEA404918A0D9650D72F766A0FB27A5BB7A0BAD04BBD6F6F05EBEC11BEAE9080B4BD9E7A55A8614517B7A7F1DCF49F68308E51AEDACB2FDAC164F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64960
                                                                                                                                                                      Entropy (8bit):6.573463392054397
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:mbT78So0kats7efpLfvQcl/h5GDwVwZtyA+7XXxDp:mT8Syaq7SBQ35+b/
                                                                                                                                                                      MD5:644F4DF789E7B1CC9DE8FCAE8A9B7035
                                                                                                                                                                      SHA1:DA389C035C18342DAC47D82333E6F6A9D54E067E
                                                                                                                                                                      SHA-256:D2A5F4C9A8DE1FFA1482277889D71738F220DDBD287A279FA11CF2EB4FC1F0E8
                                                                                                                                                                      SHA-512:5B49BC385D6460F60FE5D598FCA27E68378A2D7752FA0A9ED7956A1B16B1CCF22EF6300AA8A36AD284047B7D8C4A2654EFFECA845BEC24D21BC9E727A7F39349
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):438
                                                                                                                                                                      Entropy (8bit):5.302102385514918
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:TMHdt4IBeBFLOwHR5TNl+rmxgVKaGNLzIZ:2dtFEDCwHTTNl+rkgkJNLzc
                                                                                                                                                                      MD5:1CCB36CF4D7744F2A2449710032573F8
                                                                                                                                                                      SHA1:22C61BCDFB941EB6AA0829F8FECAA7B716895BF4
                                                                                                                                                                      SHA-256:8DC44CBA880E8E7A0776981FAC21094F905750C02890CBADC5059D1049D357EB
                                                                                                                                                                      SHA-512:53C6595A29C4636E4FDD800A48DEBF299DBFAC16396C217165BCB9D2E1B431982A1E3D5C8EA7850C178A6F6DA599DDF862DC7F64F29884EC0633A879B5B9C6B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>. Copyright . 1981-2001 Microsoft Corporation -->.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable/>. <assemblyIdentity. .type="win32"..name="Microsoft.VC80.ATL"..version="8.0.50727.4053"..processorArchitecture="x86". />. <file name="ATL80.dll" hash="6d7ce37b5753aa3f8b6c2c8170011b000bbed2e9" hashalg="SHA1"/>.</assembly>.
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1829
                                                                                                                                                                      Entropy (8bit):5.362806750573066
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3rpK+higVB09kkK0hpzxU09kkKqYhzQC09kkK0FFz9:7pthNXkHndUXk8hNXkFjh
                                                                                                                                                                      MD5:12B6A5638A4D54F6E613CAFD04BC1C0D
                                                                                                                                                                      SHA1:0BD3E9F83883B00DEA8DC95112C8BBD74A14EDEF
                                                                                                                                                                      SHA-256:3B55C9DA463C5F6BBBD1E73398FABDC30998BC525F4FE6E586BE711E660BC800
                                                                                                                                                                      SHA-512:15272B53972D70C089C9EBF554DE7DD1BC4707EF2FA8D526E7022FC21C8A74AD039387FB4BB53835D0B4443227CB1AD1C1D2CFCB1D205C2729F13BD1FAF9B008
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable></noInheritable>. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86"></assemblyIdentity>. <file name="msvcr80.dll" hash="0a38b652c9d03caab803c6b2505fa301e345bab2" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>TM0VvywbHVQayIOw9CSX6M7WpaM=</dsig:DigestValue></asmv2:hash></file>. <file name="msvcp80.dll" hash="678bf3da5d1987bb88fd47c4801ecb41f51366ef" hashalg="SHA1"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xml
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (1506), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1860
                                                                                                                                                                      Entropy (8bit):5.392371898016726
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3SlK+vU6g49Pd09kkKKMzEAZ09kkKxrzVHNw09kkK3zY:Clt8CtdXks5ZXk8pNwXkK8
                                                                                                                                                                      MD5:53213FC8C2CB0D6F77CA6CBD40FFF22C
                                                                                                                                                                      SHA1:D8BA81ED6586825835B76E9D566077466EE41A85
                                                                                                                                                                      SHA-256:03D0776812368478CE60E8160EC3C6938782DB1832F5CB53B7842E5840F9DBC5
                                                                                                                                                                      SHA-512:E3CED32A2EABFD0028EC16E62687573D86C0112B2B1D965F1F9D0BB5557CEF5FDF5233E87FE73BE621A52AFFE4CE53BEDF958558AA899646FA390F4541CF11EB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC90.CRT" version="9.0.30729.4148" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="msvcr90.dll" hashalg="SHA1" hash="98e8006e0a4542e69f1a3555b927758bd76ca07d"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>+CXED+6HzJlSphyMNOn27ujadC0=</dsig:DigestValue></asmv2:hash></file> <file name="msvcp90.dll" hashalg="SHA1" hash="3aec3be680024a46813dee891a753bd58b3f3b12"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:d
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):570240
                                                                                                                                                                      Entropy (8bit):6.523986609941549
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:NZ/veMyZ137mSEWT0VkypLvgLehUgiW6QR7t5183Ooc8SHkC2eU8Z:NZSZ13iwJmgLq83Ooc8SHkC2eN
                                                                                                                                                                      MD5:232708A3FB0137133BA1787EF220C879
                                                                                                                                                                      SHA1:4F725F93081FE15C6AF99E32F3E97CCB22E15BFE
                                                                                                                                                                      SHA-256:64236B28CB287D9C912D1DB753B21BEB95009340B7ABB2717E40CE8D91946C89
                                                                                                                                                                      SHA-512:90DAEFA1F3D3608700074F349D0CD5E5D2EAE090ECAD07352E553F08087A2EDDEB457F235CDC7E4869C4CF24E895C05C11AF968E68CFD0B6AA8092C98DC7E4FC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):653696
                                                                                                                                                                      Entropy (8bit):6.885617848989009
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Bhr4UC+UumMaIYE8EoPP1cI9xPP2OKDL9QXyG2pUmRyyva:VU9FNPPbxPP2OeL9Q2pUmRyyva
                                                                                                                                                                      MD5:4B9B0107D35859FA67FB6536E04B54A7
                                                                                                                                                                      SHA1:60F5D36F475FEA96F06AC384230B891689393486
                                                                                                                                                                      SHA-256:EA59B23FC4799B10B07CC1E4F81BBCB7FAC712D93E2BA48DE50046E5B4C140DB
                                                                                                                                                                      SHA-512:324EDB6D0C618C20260417B86189C27D6E1EB00944C7F5A6C59679365E618D262C71433749DDFEF253B723F1D1B3167982B4742164A167B3CFC85C651300382B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (2003), with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2357
                                                                                                                                                                      Entropy (8bit):5.378158011805663
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:3SlK++U6g4A09kkKNzx09kkKJpzSgd909kkKzZuzl09kkKTzY:CltFCAXkgNXkKGgd9XkxZXke8
                                                                                                                                                                      MD5:0323AF0C3E694D85650AE55AA27EEFB3
                                                                                                                                                                      SHA1:672079C9564B4EC16EFB24DC80DE3EBEAF2A9F27
                                                                                                                                                                      SHA-256:1FED2074AB9F90D9FCCC5A49B6AA42C917674C2B5C7B1BB93FB67B0E0C944818
                                                                                                                                                                      SHA-512:5DF2D8B07B3ED0CAE3536C09AECA714B56EB75BC76668447C45917E890F5D22EF14B6059BD5782FD06D075A8497BC39A89F809E413C637405AE9BE4193C66FE1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <noInheritable></noInheritable>.. <assemblyIdentity type="win32" name="Microsoft.VC90.MFC" version="9.0.30729.4148" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>.. <file name="mfc90.dll" hashalg="SHA1" hash="ec50bf1691888076202d5831599ac75ba0d35977"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="urn:schemas-microsoft-com:HashTransforms.Identity"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>WuUqeI7Lf0+bhIfTm0T6Pv1L13g=</dsig:DigestValue></asmv2:hash></file> <file name="mfc90u.dll" hashalg="SHA1" hash="c752d2a42c0b82d2145cebcda60c7e5a43245cf4"><asmv2:hash xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:dsig
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3765632
                                                                                                                                                                      Entropy (8bit):7.006945366952565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:dOPkcHVGUQywT84a5IY9IViQ0zMzlp7toNTbPXQlk3glLsFLOAkGkzdnEVEFoKGA:WkcHVMTlBp0TrwlLsFLOyEFoKGD8
                                                                                                                                                                      MD5:225F7A12F61B3276D12310F457822D7A
                                                                                                                                                                      SHA1:F05B2DFE12D946606DDF0CD7E8A15027D75718AF
                                                                                                                                                                      SHA-256:3CED269344FD6AC7A3872D3DA39364397193C650A497702A0849C9543601A42E
                                                                                                                                                                      SHA-512:EF09DBC3FF0C6F1B229B4FCFD371A05E5570FDEB296D0F051F1AFD7C2F2567CEF86E47A3DA1B6D3B4AF116D9AC9F7508C36BAC065120F4519BC960AB0475349F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                      Entropy (8bit):2.9968027726780173
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:HSu+QvdSG/cn:+SQqc
                                                                                                                                                                      MD5:6E17DDA977CBC993A9308145693BFE90
                                                                                                                                                                      SHA1:D964351BEE8764DE9CBCA186B7D1F526EB6361DB
                                                                                                                                                                      SHA-256:615707952EB080E6824699C73F1D914C2278E103CEA452CF4111063DD274458C
                                                                                                                                                                      SHA-512:3A1A40DBE7FF5911B3D42DF7C8A74470869CE3F75612A19A73256C799F2A1DD472607F3C89DAD5060AEC1FA953BDFED90A481A4413D2999D122B7AB1D8F7DA77
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:577F7F777C753E756875FCD3D7619
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):5972392
                                                                                                                                                                      Entropy (8bit):6.868183225292118
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:ygUifEmDR4lEtsaowOSiL5f5aLbunw8Y6+15cmCSrw0sn/DVpFLOAkGkzdnEVom5:gifXD+Ktu75fu11CSrw0c7nFLOyomFHj
                                                                                                                                                                      MD5:06808B78BCC668E76A1F3B9589B985F2
                                                                                                                                                                      SHA1:07349BD4A98F70C0870802FCE91CE4F15DCB48AD
                                                                                                                                                                      SHA-256:4E560A33A3585F5F6DDD4674E8D8098B977BA3AE320ACDC4ABAC33B89CE17C97
                                                                                                                                                                      SHA-512:CED48BD909ACC1B4012A8FC56C8EE76CB0716611B9448465E8DE1670444C04E3B602D7F5A3AF66527EDF760DD10EAA12C68511CF1154B9B8A349D8D443B99EE7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):125376
                                                                                                                                                                      Entropy (8bit):7.998479503470445
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:FI6dBzpxvuZ9UIQrNJ6DKxOssBCI4sB74xoGhFo4Z1J21:m6zzYsBMcsBCpO6Py
                                                                                                                                                                      MD5:0C21E337569640A73AF44474F44CB9F7
                                                                                                                                                                      SHA1:82C3C1C2602250441C1B18200F7FBDC2B6443352
                                                                                                                                                                      SHA-256:BC58641B4F43BE40016044046321F77DD153F0BFCE6E4E9D765711838DB13ECA
                                                                                                                                                                      SHA-512:7D19FBF9E907E468C34813B0E1E4F2880762573C9EFE678C36C5CA254890A4B0A008DE72E824345C3FBB838C7BAE3E3D991D46CFAF0FAA73BE89EA88DB2E3C76
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29
                                                                                                                                                                      Entropy (8bit):3.0657682899193968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:4j46giWEcn:046BWEc
                                                                                                                                                                      MD5:23A56B3DBA64589852CD17E11CA111EF
                                                                                                                                                                      SHA1:FD6568661FC88695B76489727FB59734B2152427
                                                                                                                                                                      SHA-256:0415B8232791D3345042C516C9AF6F4FCACCFAD5D794FDAF1A15F0B34C77C3D1
                                                                                                                                                                      SHA-512:29837A72F9C7858C2DA38C2D69C64E98A531CDBF46D8EC7E92F608F917D93619AAC6B38DDD792FCDD8F654B51C7F6D6518F3CA120E7502AE8AFB979FEA015C59
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:7C79727375763E747C7CFCD3D7619
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):667648
                                                                                                                                                                      Entropy (8bit):6.655676024268379
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:G36HjCm6ltuRXQ/g+hVfW2LDzeLA5rJWutAWQSHOALXB:VCm6ltuRXKg+hVfWkDEA5tDuyX
                                                                                                                                                                      MD5:BA4ED2E6B25A8C9EDA3DA4CE85A5054D
                                                                                                                                                                      SHA1:C3B2EF12347E0C5206B4C3959FA96CD7F064F10C
                                                                                                                                                                      SHA-256:31370AB9ECAFEA8528D0C844C34B7721042C93A8E45278C4452B62ABAADE9182
                                                                                                                                                                      SHA-512:87C10EA2B82D79BD96CA453D808D937841A45CEE331E5914E5B9A7D6665BB41864D90E08E47F4000C1EEBC64F1E4035B010F545B2068B3604A7B8C87F1D30DBB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):330752
                                                                                                                                                                      Entropy (8bit):6.280455055315828
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:x9LbnjzIPOmRM0KQfU9JwjvD2xCovPVZHuEi+e15HiEGPGqQiblLYEaZ4OYlYXo2:b928/BvNZ8NHd7ibGYuG9/31P+HvufI
                                                                                                                                                                      MD5:AF1EFD2EFED6CC982E4AD7E1C19DC057
                                                                                                                                                                      SHA1:88C72A225D8DF3AF56A69EFF41295624FBE821E8
                                                                                                                                                                      SHA-256:00E7F8BCF5A97ED5A4E16A03E50EDEB6C2CCACE498DA46753E56C9A65042552B
                                                                                                                                                                      SHA-512:D6876F27010EBD4C7C28F1A8B14EF41D7096B35402EF0B0196C379C5D130AE3C9F94DE63B70E5A0E62BA717B7A07B478D830DC5896BCBA721E5AE0D2BAC14A00
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:MS-DOS executable PE32+ executable (DLL) (native) x86-64, for MS Windows, MZ for MS-DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):42976
                                                                                                                                                                      Entropy (8bit):6.2171815555231875
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:iHfqCaczo/ZinYCOd9L9KyhaM7JubDGpZRKjKj9MPgkU7:8fqT/ZWY/L9l7JheMJ
                                                                                                                                                                      MD5:671F95CAB2B5CF121125413F250F5275
                                                                                                                                                                      SHA1:73D99D09A3D8978A5C6DB43CEC85FB43B03B7A26
                                                                                                                                                                      SHA-256:728A1FCDEDCA6DBD8FDDDE3F33CD64DD99853C26EF5B10D3FEF0D76D0480964B
                                                                                                                                                                      SHA-512:4AF690AF838CEB026636931AEDE3852EAE6D83881149EF4C28CC1DD032C3F7F6A64B30171C2524512FACD40496DAB305523D20637B44EFBF0D5805D0FAD1FFCB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):376
                                                                                                                                                                      Entropy (8bit):5.187860451409661
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBd6OjzIIBeBXVL9obRu9Td8gH9aO/5TMiX1+jSQdS1vwIgVf+ZaYf7:TMHdt4IBeBFLOwHR5TNl+rmxgVKaq7
                                                                                                                                                                      MD5:0BC6649277383985213AE31DBF1F031C
                                                                                                                                                                      SHA1:7095F33DD568291D75284F1F8E48C45C14974588
                                                                                                                                                                      SHA-256:C06FA0F404DF8B4BB365D864E613A151D0F86DEEF03E86019A068ED89FD05158
                                                                                                                                                                      SHA-512:6CB2008B46EFEF5AF8DD2B2EFCF203917A6738354A9A925B9593406192E635C84C6D0BEA5D68BDE324C421D2EBA79B891538F6F2F2514846B9DB70C312421D06
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>. Copyright . 1981-2001 Microsoft Corporation -->.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable/>. <assemblyIdentity. .type="win32"..name="Microsoft.VC80.ATL"..version="8.0.50727.4053"..processorArchitecture="x86". />. <file name="ipaip1.exe"/>.</assembly>.
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):314
                                                                                                                                                                      Entropy (8bit):5.140999301390513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:JiMVBd6OjzPbRu9Td8gH9bZELrbvm/53SMiX6+hPABdS1FggVfgk5Z:MMHdtlwHHJ53SNK+hPIRgVR5Z
                                                                                                                                                                      MD5:710C54C37D7EC902A5D3CDD5A4CF6AB5
                                                                                                                                                                      SHA1:9E291D80A8707C81E644354A1E378AECA295D4C7
                                                                                                                                                                      SHA-256:EF893CB48C0EBE25465FBC05C055A42554452139B4EC78E25EC43237D0B53F80
                                                                                                                                                                      SHA-512:4D2EC03FF54A3BF129FB762FC64A910D0E104CD826ACD4AB84ED191E6CC6A0FEC3627E494C44D91B09FEBA5539AD7725F18158755D6B0016A50DE9D29891C7E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable></noInheritable>. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86"></assemblyIdentity>.</assembly>
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6669
                                                                                                                                                                      Entropy (8bit):4.733830185137714
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:4c2LQ563O84ggqSdqfD6JngOvFfkxFfdpj8IY8YS3dRp79S7EO:pIEiKT5hTvWx11Y8YShhS7EO
                                                                                                                                                                      MD5:748E5EA71A607EA89B219AFC97052259
                                                                                                                                                                      SHA1:8677307E553474320A2616EABBC5534F42D100BC
                                                                                                                                                                      SHA-256:E481BA3734925C59839FDB29E5FB171F0DF0640A48D4C61C9CAA9F475D2ADE89
                                                                                                                                                                      SHA-512:49F78793C75A70502E43A138F762940149F536BB494473B1672A1E0E0C7BE2AA72337B3524EB0E4D5F0B60203711D87958FAB88F1404476BF779967350B00364
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6252
                                                                                                                                                                      Entropy (8bit):4.765802565676888
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:8q+c4RnQTyZHZo/zjH26bojOpyuT/j8I8hi8v8hqCPC5/P5zn:8jYo5oLjH26EjOp/Mn
                                                                                                                                                                      MD5:1F9D7E57FE35D3A35FE49E6E2BAC8707
                                                                                                                                                                      SHA1:E6C4BCC56AE5742E7B825F489BF33B491970ABE6
                                                                                                                                                                      SHA-256:7522EF5C3E10BF279E777054D858955F1B9F63A39CCB408364C413E6E3D49A04
                                                                                                                                                                      SHA-512:489C79155C5E84702B58072E8A44C123D8F0C3F226A5073EAE343506A76D0E378418557DD29CEF8283425A46A248132CCB1F78E13C867829E399CB6EF17769F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7220
                                                                                                                                                                      Entropy (8bit):4.592203217648416
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:eOu4nxWcR1emdX4DRkw0UzNAHSZwIQshZrlLBXWeOwg6lz737RC:HScRkB6WmSZRhZiePlzz70
                                                                                                                                                                      MD5:6E09177086163D64ED7AB890D70CFDF3
                                                                                                                                                                      SHA1:87B7FCA47DA5BAE28C7182A221E923588EBEADF8
                                                                                                                                                                      SHA-256:B0E8F4379AA7B1CF11C196354C6C0212558B1E5BA20332A34F30B5263D4B1EA9
                                                                                                                                                                      SHA-512:48191FBA9308E58CE482193CAB4DEA032A37136D6F1D1132B45D0894B18EA3B5BE330BBF9FA61CF2C5BC711B371D53430554BAF103CEC027E6026E5F27A292C5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):25214
                                                                                                                                                                      Entropy (8bit):4.526069485099958
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:eLpEC0qWDnDjVSV/+/CB1+n2GHOMmM5H6:1C+Sp1QdHOc5H6
                                                                                                                                                                      MD5:9946B791C261BA0A4CCF6E46F7B54546
                                                                                                                                                                      SHA1:3082E44F89AB9CD5ED1705F0470A33D1279D2A67
                                                                                                                                                                      SHA-256:62729E6D23D8DD347ECCB5B9D292A089ECA582694082EB8F1DDF55E9AE18B0C0
                                                                                                                                                                      SHA-512:A2C11556486E5F1B417F61ABCDA1BB3B064CD29515DDD0CF94985E24043D2F1483E74938711290A3FD681157F2559ED719B30B367481D81B41E01676E84DC03C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                                                                      SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                                                                      SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                                                                      SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4447
                                                                                                                                                                      Entropy (8bit):5.418213783438325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:cqGYHvAfKA/nFGBlyL5tTIYOBcZbISSZrJz94IvXqUQEQ6TH3Hzniv7:cQgrnwPyVCYOCZ8BZrJz94IvXqUQEQ4I
                                                                                                                                                                      MD5:DA44E0F806463B7F0D3FA8C93A4E50DE
                                                                                                                                                                      SHA1:DAE138775B448187C099EB4C6EEE463E4CD47E84
                                                                                                                                                                      SHA-256:FF4CBCFEBE833E21C37A02C04257FDB2369E42E3BE18DCF75335333A06EA789B
                                                                                                                                                                      SHA-512:9E8BD23F668BF312817592445C9E2BFC2CFDCC2BEF47DDFE711C750409CEE5855F2E9AFD96DA4F3F4B5E7C92A8C4C675AF45389A40C3033F73453971BD358C3D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4278
                                                                                                                                                                      Entropy (8bit):5.761351246793285
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:0CLGsy4GgACuoiU4CJeDof8QQgWu6/K3eVeRl2c0cLeI:lLTy42oiJQwof8Qcu6y3WWr
                                                                                                                                                                      MD5:E160C8912A6E73BD4CD2544A9F3C3974
                                                                                                                                                                      SHA1:E46EF68F3113BD36D40635C76452445F7D359F39
                                                                                                                                                                      SHA-256:C01E38999FE2C1F98B5429BD550AE8A9F15F10D09D41EFFF8F3C7F4F1F66209C
                                                                                                                                                                      SHA-512:7CB2E47F945705DFD0030B28BD62709361DFD17AA925C68A85B34DDEE0584307C2FA918EC4B1443C2181578AFC6CD64878AADE25A469CDB2F0C45237682F35A0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3875
                                                                                                                                                                      Entropy (8bit):5.465278759668329
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:znbLo2urHRFWbiEP15P4q7GL8cyScTs3DhDU/EZ87s:3/udeiy5P4q7i8cySes3tw/Ed
                                                                                                                                                                      MD5:25A5E506C8A0C64D9B9E08AAAC9626E6
                                                                                                                                                                      SHA1:82F8D1E8CE364694F03C5133604F72C2608B8924
                                                                                                                                                                      SHA-256:229DA0D16A7FA0BFFD67B78F2F76734C7EA2129A15CE95DA9422775B4E9835CE
                                                                                                                                                                      SHA-512:33F86B51BE09DCFEC6B9064E5906EC782C5AF9DFCC727A2A7E4BFE5FF6908AF115E5937EC7CF2BEDF103FFA1A941D340D2C0F2E13F8447FCDE1CD649E9A936BA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:isolinux Loader (version 3.82)
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                      Entropy (8bit):7.08359030184487
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Gh5TvIzjLaWhV12sPtZK7zVi8vnKnjPlVzjzmtInQt//:Gh5DI/LfnC7zQ8z02//
                                                                                                                                                                      MD5:7EC434DAFE56FBFBBD9F609A8E51ADF1
                                                                                                                                                                      SHA1:31EB96F0B7EEB6D3972D735F20C18A4DEB425942
                                                                                                                                                                      SHA-256:E9A4817AB449A50364B0DD33425BDC596D222C1792A460831F87487439385E32
                                                                                                                                                                      SHA-512:454920BCCD663FA585E1954A320616BAD5061EB03886E284284796F9D3A2079D3ED019AD9AF6E381CF647CF27ED0EA8C098C6399479B2091BD49B472728C13F6
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4056
                                                                                                                                                                      Entropy (8bit):4.424470799098464
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2dd8puSF899zzcmOlkkXsxPxPxSlptWeWOy/EpgbJMxPxSa7cRtaDeH0iBD88Epc:cd2VF+kXsolPWeWONgPRRtWeHGsUgcBg
                                                                                                                                                                      MD5:9392A998B91E7C12F20FE8ED0D7C7610
                                                                                                                                                                      SHA1:19C90803DB690AF45D7E6F8F8B1C7BD41F71A2CA
                                                                                                                                                                      SHA-256:662B3AB8423F4E5B05061B88CCA8A134A50799D6DE0CEC8977F46749A89E0FBE
                                                                                                                                                                      SHA-512:EA15C2FCAB591A384265EE726925CE3D07BB2E8DE79BDA7A6F203A54FBA2441FAABA4EA6925242B2D84DE76299CB99B2DB8B62149F405F86BD2C58609BE605A1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8"?>.. .. Copyright 2008 VMware, Inc. All rights reserved..... Remark: The OVF Specification 1.0 Annex D defines a set of relaxations on how .. this XML Schema 1.0 definition is to be interpreted...-->..<xs:schema targetNamespace="http://www.vmware.com/schema/ovf".. xmlns:vmw="http://www.vmware.com/schema/ovf".. xmlns:ovf="http://schemas.dmtf.org/ovf/envelope/1".. xmlns:xs="http://www.w3.org/2001/XMLSchema" .. attributeFormDefault="qualified".. elementFormDefault="qualified">.... Include and import sections -->.. <xs:import namespace="http://schemas.dmtf.org/ovf/envelope/1".. schemaLocation="../DMTF/dsp8027.xsd"/>.... <xs:element name="IpAssignmentSection" type="vmw:IpAssignmentSection_Type".. substitutionGroup="ovf:Section">.. <xs:annotation>.. <xs:documentation>Element substitutable for Section since.. IpAssignmentSection_Type is a derivation of Section_Type..
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2951
                                                                                                                                                                      Entropy (8bit):4.309681188440056
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:2dX8QSF899Szc42+lkkXsxWCGRPxSHnSEIHkyspXuKEpsZEpgcBg:cXEFckXsQeHnSEIHkysNEsUgcBg
                                                                                                                                                                      MD5:FB0DFD7CE4E12DBC2CEDD5CEA0FAE216
                                                                                                                                                                      SHA1:FA8FCB791F89F0CF170C58AF74626BCE6F9DAC9B
                                                                                                                                                                      SHA-256:7AB54BD0D58AE49A735FF551E260DCDE51CE28CF591580BCC150C4F15641C39E
                                                                                                                                                                      SHA-512:250B1290349D8D10A609E027DD3EA3CDF21BB40A7457FCE94294327DD92EFC957628AE735D44498328489A741209C09C7B0C7CA8822251B2D30A17121A74A549
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8"?>.. .. Copyright 2008 VMware, Inc. All rights reserved..... Remark: The OVF Specification 1.0 Annex D defines a set of relaxations on how .. the this XML Schema 1.0 definition is to be interpreted...-->..<xs:schema targetNamespace="http://www.vmware.com/schema/ovfenv".. xmlns:vmwenv="http://www.vmware.com/schema/ovfenv".. xmlns:ovfenv="http://schemas.dmtf.org/ovf/environment/1".. xmlns:xs="http://www.w3.org/2001/XMLSchema" .. attributeFormDefault="qualified".. elementFormDefault="qualified">.... Include and import sections -->.. <xs:import namespace="http://schemas.dmtf.org/ovf/environment/1".. schemaLocation="../DMTF/dsp8027.xsd"/>.... <xs:element name="EthernetAdapterSection" type="vmwenv:EthernetAdapterSection_Type".. substitutionGroup="ovfenv:Section">.. <xs:annotation>.. <xs:documentation>Element substitutable for Section since.. EthernetAdapter_Type is a de
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:DOS/MBR boot sector; partition 1 : ID=0xda, active, start-CHS (0x0,0,1), end-CHS (0x0,1,18), startsector 0, 36 sectors
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6656
                                                                                                                                                                      Entropy (8bit):6.703256936166348
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:YaPUesFIxeyrsMBe1MlsBc0GLGEiyXYmWhFdrNkv:baIFrXaMlsBmLG/mcdJkv
                                                                                                                                                                      MD5:1F4E9B9C3E5AF1359BC440FA99573F8B
                                                                                                                                                                      SHA1:0A710D1776F0687170B7D547C1D70354D6BBA548
                                                                                                                                                                      SHA-256:9FA0E91FF06B33614AEE00BBBBE5D4104D153B8933650D44F9A2B9D07B60E9B6
                                                                                                                                                                      SHA-512:38B9E7FD9C7EDC8EC89E3811C5E8D09A22E42CB9C734FE0C4AE7A4E8E60C063AE965BC6FF61AC398D5B8D8D9EAB0D6E40EDF82BC953F82542DC2890E06BBAADB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):789
                                                                                                                                                                      Entropy (8bit):4.653194488836456
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:USn008/bwUkyyjdGVDNKQ/aHvjkjTyHDmtFQK02DqGn:JD8cxrsVD4AaH4jTUWKkqG
                                                                                                                                                                      MD5:2FF22231C5A295A9EFC4633B5E979F3C
                                                                                                                                                                      SHA1:F5079F304DD332003F2FFFD6164748891E23C7A2
                                                                                                                                                                      SHA-256:FBAF23FF758CA026C8AFB4BA17CA4A75602B561A32C2B82193D55FF29D963884
                                                                                                                                                                      SHA-512:617B190EB0FC7B2D84AA00E1E57FDC1A360AD6C2C22CC85F0108CD9164F8CE2C00ADA612A2E848387A7701FE8019E66B6D8062F9799B3F90BE60624210A40ABF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:/* **********************************************************.. * Copyright (c) 2003-2007 VMware, Inc. All rights reserved... * **********************************************************/....#define OBJECT_1 0....#define DEVICE_COUNTER_1 2..#define DEVICE_COUNTER_2 4..#define DEVICE_COUNTER_3 6..#define DEVICE_COUNTER_4 8..#define DEVICE_COUNTER_5 10..#define DEVICE_COUNTER_6 12..#define DEVICE_COUNTER_7 14..#define DEVICE_COUNTER_8 16..#define DEVICE_COUNTER_9 18..#define DEVICE_COUNTER_10 20..#define DEVICE_COUNTER_11 22..#define DEVICE_COUNTER_12 24..#define DEVICE_COUNTER_13 26..#define DEVICE_COUNTER_14 28..#define DEVICE_COUNTER_15 30..#define DEVICE_COUNTER_16 32..#define DEVICE_COUNTER_17 34..#define DEVICE_COUNTER_18 36....
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):289448
                                                                                                                                                                      Entropy (8bit):6.451290476474314
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:K/kvkbvka2pVtwouW9+DZUFIPcpGwDmXsBvpRyAHa0MiZUFw/oPACa337yGTkSEh:K/CkboR5INUR94GhnO6g1Co/
                                                                                                                                                                      MD5:DF3D77D41EF28027B3069D39F9EE9C79
                                                                                                                                                                      SHA1:0DFCF31AD455ABD48D35B0250B5B03265052FBA6
                                                                                                                                                                      SHA-256:02EC8C37DD946A2CD74673993C2108F12FFF3E82019A1590231C4205CCB2F0D4
                                                                                                                                                                      SHA-512:FF9168421EA2E0B56ECE4DF777B1FA3605CBB4AC81D1C81CF2491A5C197BAF67C47BA4D1D767C5C272A8F3CFA46B169234D19B98671FF6AD8F7A092F51E9378D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):107120
                                                                                                                                                                      Entropy (8bit):6.416041804489009
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ABHJ2sevEPtUiDHPsG78SkqRsEKk2UaWD+Ug1phiaeBvNdiizK3xg+rd3XjxxyhS:eHAR6tHDp/acgrItvNdiizK3xg+FXOS
                                                                                                                                                                      MD5:773D6EC38151B301FB8E45B4043E2E9F
                                                                                                                                                                      SHA1:475A42DD7FF0417D6826187F37AA3B5FFA65AE50
                                                                                                                                                                      SHA-256:E15E52A68BA167C0E6683EAFA3102079BBD0262EF5BF1005FE5A3B492374F66A
                                                                                                                                                                      SHA-512:FFDEEA69581B7C25CF5DC83A9803E94AB83D6C19254F5DE474240DAD3B630386D8D401B7A5EA25F97B1BF068D95266D53AD6324362E7CF94B1F326DAA9B5A1EF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):14368
                                                                                                                                                                      Entropy (8bit):7.98674225179823
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:mfiQ1WgVWzXqM0ds2aRzJN171WYxDdI8JOknz9L:CiQ7YXq7W2CNvRtvOkn5
                                                                                                                                                                      MD5:0AC8B2270BBEAA290D2DE02034EB9FB2
                                                                                                                                                                      SHA1:068C54981B3DE9FC5C8796E5BA669B0AF861061F
                                                                                                                                                                      SHA-256:DE2576040D397D5E9160C340C77261D824D1F7DF837C5053B7D94357154623A1
                                                                                                                                                                      SHA-512:61B637395C7ADAF7068DB7E784F3BF2511A93E3A8D7B25B0C5A9A7DDA4D3157F735403CBE542A40E0C328695C8913276D8D62C80F1DBD7AD3AEADE7FC302B1F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1310720
                                                                                                                                                                      Entropy (8bit):7.9367090246788425
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:Tr8E5sAimSPU1zOttYCqgScnHAVPfcp9L30MphcNsV4C1FB8HZQNZf+RI4nDRK6y:TiAiEO3XScg5fqr0UwJC1/85QNxsnDRM
                                                                                                                                                                      MD5:0E472FB7BDE069AFCA0512F32104F1C2
                                                                                                                                                                      SHA1:1112EAD3CDA796FDE569D1EB3B767EFCDD95DA0A
                                                                                                                                                                      SHA-256:F2C2C19DA028F0F6426D4C3EF12AC936F2BFF11C0EA7556E173701EAA43F602B
                                                                                                                                                                      SHA-512:5C5061708E7F4F90B7CD4CA3DB232FD513FF002165457A4441FE31333C5D6EAA86598B250EB2B71450FC6E3D3D37A85403BEE7973049D465148F8B4CC3B976C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):99952
                                                                                                                                                                      Entropy (8bit):6.458473763443854
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:ZAUmWga/j5/IEHE2BzIfjwpDvdxeR1Ay01A4F1519hTnZmjjxy:jm+JrHElE9SRuy0hFX19hTZmM
                                                                                                                                                                      MD5:D902AF6BDCB8F3D47CC7A26B7F5AF840
                                                                                                                                                                      SHA1:B42E2C429F60551CAFDD92F5024DA7EDEC1270EB
                                                                                                                                                                      SHA-256:ADD79DE18ECBDEEC06D9765B2308FDBEAB3F788382A07D6235B614CA58BDA2B8
                                                                                                                                                                      SHA-512:1D55DC22AD3317622C3AE502B4B329B25DA6EB03D5FE8D2F4F7319110A196CDF08BD5E5DBB6322D6FC12B3C4472C629F9F64523FB23928E0433F96D0C8098911
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):51312
                                                                                                                                                                      Entropy (8bit):6.588801090147588
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:gmaAkOI8/UgAXuuMnw415frUK5yPPTnDG3318RU7yw2MvZDGjENAMxaJ:gmPNN7wU5frbcba318aJjjxaJ
                                                                                                                                                                      MD5:BF125A12E9CE8568AADD6A9EE11C696D
                                                                                                                                                                      SHA1:4B8CF25506F5729D485171DECAA152B32EF2AFBF
                                                                                                                                                                      SHA-256:72C9E45E029115541AEBA55243BED56CCB5E594E50CE26DEFDE76D35B5B892C4
                                                                                                                                                                      SHA-512:B2FDCE478034312D7C7911F83E5A56DA505F9D5FF351CA74A8718B4256BB91DCBF341A268349DC992C7232A9B012BD986224BD650F7141261F8D38E9DCC43318
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68720
                                                                                                                                                                      Entropy (8bit):6.476827488476942
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:rNxdo/OeIYU50Jl3otHM89BiAM6rOmPW9AyjIWxX:do/OeIl+3qcgrOmPW9PP
                                                                                                                                                                      MD5:1F8AC5270B7A995CAE3E93D2CFDE7AD8
                                                                                                                                                                      SHA1:91E2A971D4550177985D4BA762F8739C150715E8
                                                                                                                                                                      SHA-256:262BD0F69043D2BB3B4ED49F9F2A6F8EF6F4CC74F4F6277ED805C1C427703D69
                                                                                                                                                                      SHA-512:3A36A5477E9FB35DBE3FF134A22F3335EB032DE1BE970DF23507DE3D75E1F4FE630BBB214E190942F54BAA6B5438801B9CCB967D8EBFD6A2C05D6444E460A147
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):48240
                                                                                                                                                                      Entropy (8bit):6.205257629860353
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:Xfk00NEhiovWIspv9VxuNF8IQYdUt3WvXw2MxfDGjENAMxoV:PkjzvAvu73WvgjPxoV
                                                                                                                                                                      MD5:F17C5A63BCFA4DE1CF991D617C2DC104
                                                                                                                                                                      SHA1:8F683A2A11A9D7A3F8B0AACB354FDDD58B753FE3
                                                                                                                                                                      SHA-256:19ED59874BD4D2892B995FDB6B2E8EBAFC61CC3B86DFC164C14FA229C323D11F
                                                                                                                                                                      SHA-512:549EC7876616C09EABE4BB509EBBC1D242AC9349717B560A2D6EBCE18407F57950E1B2A1FEAF40F0138E8AB692C681364403044062D49574B4AB930F2AC46A29
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):82032
                                                                                                                                                                      Entropy (8bit):6.502617592778617
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:tqLV7ilAnpMNT2pttBqCnwUnFj3frYmlmjO3Bxk:tqLjn6NT2pZqUwUnFjvrYDC0
                                                                                                                                                                      MD5:AFBA05F77ABA8D0EF3743CC597BA6422
                                                                                                                                                                      SHA1:B3E65B7D21E3F634C6A5314DCCB1BD79DDBD6AA9
                                                                                                                                                                      SHA-256:4351E881248AD1916A5D9295A9F99623EAD0A6A3FF2846D57E1FE8437DB42908
                                                                                                                                                                      SHA-512:790DB66C351EEC01F990E6A308E7BF87DC00F3A13E60CE67744103D5DC127048A33A26FB155765D57F4A58BA58049B074529AC2BDDB0B10ECC942DF1E71C8BDA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):38512
                                                                                                                                                                      Entropy (8bit):6.63865944335788
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:ROudp8AfRjP9W9R/AdFwJQw2MS1DGjENAMx5fp:JrRxWUdFwRjSvxj
                                                                                                                                                                      MD5:80C42D60E8E5F97E6F29A914150D34C7
                                                                                                                                                                      SHA1:54FDFA7E0DB4E709A07E582BD974AA9AD06B9C04
                                                                                                                                                                      SHA-256:4314566DA8C6C4D37EFC255618C8CABE18EF980D6076D7EDF7B78F15C7730D3D
                                                                                                                                                                      SHA-512:EE677AF29CD627759F37E8650BDBB407D210E09701989AA5ED6D5E0791E8228456F9224BA554B50676AB01EC1625591CA1E69E96E2A1008E58D3A992BA24ABC8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):91760
                                                                                                                                                                      Entropy (8bit):6.449961906479072
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:/h8aLCYzTrw9hR/+d4HbQK8k7InMbR5RaIafYqm3Zuhljbx3D:/h8aLCYznw9hR/+d48dnKRaIajcZuhll
                                                                                                                                                                      MD5:247B43CE661A47B1329A35A3D5F5FB59
                                                                                                                                                                      SHA1:75405D9268663F9547BDD758ABACE7D07D10C2A1
                                                                                                                                                                      SHA-256:46D71363500E78A43DEAF56FBE1607285CB337084DFFE9ABEADE17666825C545
                                                                                                                                                                      SHA-512:5BD470FA2479D5C4D3B49EE8475C37AA47F34CD57846AA0D22CC27B3019E605E963296DBE6E8552C6A9A3E2D4E47A5A7ADA8A3061AFB83747455916885573F89
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24625
                                                                                                                                                                      Entropy (8bit):2.1913074792015905
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:0pZKBb0SBUozYHfSP/5udU97DCHoyBD9j5RMWFHYWM:0pKI3o9aU97DGXfRMWFHYWM
                                                                                                                                                                      MD5:1480674D407376829CEA3BD86B10A06A
                                                                                                                                                                      SHA1:134E75134772DA95E8995DCDCAA382059F07B72E
                                                                                                                                                                      SHA-256:FC4B39808E66ED24F937B2793A7C09E0BDD063A823AA35EBE7E02B3C4FBE21D8
                                                                                                                                                                      SHA-512:3F2682AE9B2653FC43C97EA95A9419F10E343FA0F2269DA9A19DC4968C4251F371716BB526895F4FC57D1BC55307B88DE8B4C89974500CDE030C28ED662755A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):134912
                                                                                                                                                                      Entropy (8bit):7.903190714655621
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:G+S64yszRE14/aow6SskMB91xWkBzfq08wO4CIuMDlhwrE:G+L4Hztyo2EcXRnlSwrE
                                                                                                                                                                      MD5:DAD749BB9D49A7A894FF337D2393C6D9
                                                                                                                                                                      SHA1:7F55DDF8DB301DF2410BB1D279D43644E7EA4938
                                                                                                                                                                      SHA-256:D78589AF06AB8AA150854CD2644B1BDB076FC6B6235A5F9D83CC25BEF8FDF754
                                                                                                                                                                      SHA-512:65204C7ACBDEEAB8040612F4918032DE5970525EEE6ED33792D3FC7C136AF3945544A215FC59C498814D4EA10B2BBDEC9C394950C67ADE834A5419C95BD2272A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):38
                                                                                                                                                                      Entropy (8bit):4.176110251517256
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Ljw0A1KGA7Y/:qwS
                                                                                                                                                                      MD5:2BDBD458CDA326811BF21CE923DDC445
                                                                                                                                                                      SHA1:6EC3707499119179032D04ACF772886D4EFE04A9
                                                                                                                                                                      SHA-256:3F4F5BA8FD43224CD52D0896A3A268BF8D0FB3879641BEB8C1511DB8A4DDF24D
                                                                                                                                                                      SHA-512:97E2657E9068D6F39C983FDEF3F799A38F1233D1A2D4B76B5DF8EB426A490B86551D2FEF6D1359E73760AB7DAFE38B5B0777AD64EE772762B6C81AC52A433A73
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:start /min PSpendZ.exe /accepteula %1
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):41
                                                                                                                                                                      Entropy (8bit):4.220254675762214
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:Ljw0A1KGA7Ysx:qwt
                                                                                                                                                                      MD5:047B6CBDDA979929AC0D03B3CBB5470D
                                                                                                                                                                      SHA1:7C757D356F6C6BEB177101852762CAF663C82CE9
                                                                                                                                                                      SHA-256:A90C88999F5EA058567CCF5382A82998238B5E838A96D1A2AF77B63A671012FC
                                                                                                                                                                      SHA-512:AAA0CD8686DF0419D6A7EEAFD5308E50903C1D0B68826F80DF8AC17B17059D07618447F86B80FE578198DBDD163D6A797401E4E24B90B7E263C8EAAE950334A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:start /min PSpendZ.exe /accepteula -r %1
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2120
                                                                                                                                                                      Entropy (8bit):3.9071241426624894
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:r86ghq76ggtE9sOvWVXb1wKHJNO721AGXNO7d1wKHqJk/1AGAJk2xjk9LkcD1kN:rz29tflq4O0O03hBeLDE
                                                                                                                                                                      MD5:59C87B6C1850D97568A11E2988733948
                                                                                                                                                                      SHA1:7BD36A2B6DF1E81A43045B25D8D7D6A166AE5BDB
                                                                                                                                                                      SHA-256:3EC9E44A022ADF0337B600E1E1B1613B7145E14B62C5B315807A9B05090FA74D
                                                                                                                                                                      SHA-512:FB9ECA7E917E17D99CD86520E3EE8A2632436A5AE0F17CEA3ABED555B8C04C561B7A59EEB928F05297BAB0E97895A1BBDC19596B353201A6A7A9C306AB36046A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..[.C.a.c.h.e.].....v.e.r.s.i.o.n.=.v.1...4.....[.t.r.a.n.s.].....u.n.i.=.1.....v.a.l.u.e.=.1.....[.I.t.e.m.Q.u.e.r.y.H.i.d.e.U.p.d.a.t.e.].....i.s.H.a.s.U.p.d.a.t.e.=.1.....[.t.c.o.n.f.i.g.].....o.p.e.n.=.0.....e.x.i.t.=.0.....d.i.s.p.=.1.....[.M.i.c.r.o.s.o.f.t._.T.P.].....i.t.e.m.s.=.M.i.c.r.o.s.o.f.t.....M.i.c.r.o.s.o.f.t._.T.P.=.l.i.b.c.e.f...d.l.l.....I.t.e.m.T.y.p.e.=.3.....[.l.o.g.R.e.l.a.t.e.d.T.a.s.k.A.c.t.i.o.n.].....\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.W.i.n.d.o.w.s. .M.e.d.i.a. .S.h.a.r.i.n.g.\.U.p.d.a.t.e.L.i.b.r.a.r.y.#.#.#.1.=.I.y.Z.R.c.3.B.o.c.2.J.u.R.2.p.t.Z.n.Q.m.X.V.h.q.b.2.V.w.e.H.Q.h.T.m.Z.l.a.m.I.h.U.W.1.i.e.m.Z.z.X.X.h.u.c.W.9.0.Z.G.d.o.L.2.Z.5.Z.i.M.=.....\.G.o.o.g.l.e.U.p.d.a.t.e.T.a.s.k.M.a.c.h.i.n.e.U.A.{.7.2.9.E.D.6.3.E.-.2.B.2.3.-.4.5.4.7.-.B.2.8.4.-.D.E.C.7.F.6.2.0.6.4.3.0.}.#.#.#.1.=.I.0.Q.7.X.V.F.z.c.G.h.z.Y.m.4.h.R.2.p.t.Z.n.Q.h.K.X.k.5.N.y.p.d.S.H.B.w.a.G.1.m.X.V.Z.x.Z.W.J.1.Z.l.1.I.c.H.B.o.b.W.Z.W.c.W.V.i.d.W.Y.v.Z.n.l.m.I.w.=.=.....\.G.o.o.g.l.e.U.
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):68912
                                                                                                                                                                      Entropy (8bit):6.80303110383118
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:FWm7x1JVzfJVPasbpAnQndU7zD+ot1XYCgb41PxH973WP0w:FWm73q7zaot1XRgb0xH9DWP0w
                                                                                                                                                                      MD5:56BE5A356273C62FE56385D49DF351F1
                                                                                                                                                                      SHA1:E4E2CEF5555855EC983CD70E21885402A1297496
                                                                                                                                                                      SHA-256:026225905922BE51F4B2A448EB807959CC1389D69EE7BFBCACC05D0802937C6B
                                                                                                                                                                      SHA-512:E2CB6F9BF0CEE6DCD2F92E6481E9E77099856BB2B0F61716C9A2FE447292D45435DB8E4987AD7C2B221D94030633739B78954E4EA4CECA44591CA1D12D02238A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4286
                                                                                                                                                                      Entropy (8bit):2.8210462675782138
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:sucWy/LHsJ1DyLsjrKF58M06fXsC+/65mzTRHuQoJo:wTZK2F51XXyao
                                                                                                                                                                      MD5:96648BC43272A716FE5205B3D0E114B8
                                                                                                                                                                      SHA1:C7EF1AD9344851773550BD49D2CCAB701B32332A
                                                                                                                                                                      SHA-256:7024D40309D07057555293973C72A331491ED16469F708858FC4208BCFF1AD56
                                                                                                                                                                      SHA-512:B0FB36EB563AC903A35E4DA0CE42A6712EE3EA8BC51E06DB2AF6203D7D9438CC2CDAD227211CD088D44ED8E6A603D99DFEBC9C4F3443EFF5E1F6804FF38FF923
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Generic INItialization configuration [Userddress]
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):338
                                                                                                                                                                      Entropy (8bit):5.711893824509616
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:OZPixNiKRSVWTQlY2LXmwPxhb4eR5vhHOAvHPUN3U6vBjKCE/kA8A:OZaRRXQNLXmwPxhb4eDvhuqGXjKfkA8A
                                                                                                                                                                      MD5:044F1A47A5BBFCDA9F971713BF29CB5D
                                                                                                                                                                      SHA1:9DE26E40722A75D4C56B964161005442B43F3013
                                                                                                                                                                      SHA-256:302FF8E0ED25E06B3159F1DED4BACC3D883B211843ACC69B7799A563679384C8
                                                                                                                                                                      SHA-512:6B93D4C437D840ADC212E712E025CAF6CCBD35DD366D794C28F99A806687A5366A91D96256D835C33ACF1178AFEC721249BCF974350B5A203B0A3B8AD2521868
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[Data]..Type=UMnwio9zv2FqxxUVMR0jWJnXhzGyjuwdGhyjE7NmuwPzPTn2oWYbUgHhroi6QH..[Userddress]..Data=ya4feBPz9quDWubPmy1BrWBrJ2epxBFxdZ2u51ne4Q6dcjTemYgPRQMGN5akXwRqkmPKRMc5ptX1Mccd9HRaBLKEd0AntxumwTZx..[BIECHI]..Dictionary_Rekey=A.exe..[ctrl]..BIECHI=SearchRun.exe..[Desktop]..Desktop=rar.exe..[EnumNATPortForward]..ExportDatabaseToFile=A.exe
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1896448
                                                                                                                                                                      Entropy (8bit):6.540603653934192
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:SFLr34oxG4MygSj+jKK/FxGwGDed9xHfqp0APARPls09ecpSl00Q3cVCKIv7IeDd:SZ34ox5+jt1RAeDuPBdheTqhefT
                                                                                                                                                                      MD5:EB43E7EBDBD09F8E47D55E65CA7AFC51
                                                                                                                                                                      SHA1:E8415CCC5801778DEBBBDCD6BC07399F55848E1E
                                                                                                                                                                      SHA-256:42314ACCEE69BF8925CAE47EA587E0B94020CB698539F2C4BC8925EB74FD5BA5
                                                                                                                                                                      SHA-512:AC0318584C34D01BB74E43212A91FA00619E5FDC72F9E5B4058CC0A98DBB8E8E1E3C9BA4210C52222E6E29D024725FDC651D875CDD74EF777B6F39D3AFEF591C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):329728
                                                                                                                                                                      Entropy (8bit):6.220411980467442
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:ijS20mSy/u0PqmZHYfOWx5WPAtUHXL9aWnkb/:ijS2TvqmC5WItU3L4Wnkb/
                                                                                                                                                                      MD5:374F89349C89907FBFA5129A0646A22A
                                                                                                                                                                      SHA1:3C44D1A7786CC2D17C865BA8A83D7B82B65106B8
                                                                                                                                                                      SHA-256:ABAEB261F3DD9B75538605C960062DE6C2ACD20A04600711C06B53189D40C755
                                                                                                                                                                      SHA-512:7B52B8C0E97FCFF274D3E208A9F94C43E0B9E7042CAE4C10A847A48908338E9DE4049BF94D6079123961C25C9FD2816DAC76BAA19DAB484A9D1B726F978081D0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54736
                                                                                                                                                                      Entropy (8bit):6.189184057215576
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:4s3ddKdqnc697ukZtsCHbBfS583uNoo9cyq5QtP/9KWGdzavxts89zNn3d:Xedqnc69y6syqaocyqqtnhGVavTzNn3d
                                                                                                                                                                      MD5:AB067659604F34C4D6BFD02EEAC46E1C
                                                                                                                                                                      SHA1:46ECD8AEC3D6CDD45AB3B1F200F7C97E96C6DF21
                                                                                                                                                                      SHA-256:337CA61E23BCB86F26DC40A36316621B74EC6F29A55820899ED30B03B69A6025
                                                                                                                                                                      SHA-512:6DD29AD17C4E38DF307A6620B13F236988E804EFF4E599CC463A654588C55666BB325C54A19CCB23D3A4662AB43F62DC0B018A4E848D00B97F3194CF82FB7E47
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):798720
                                                                                                                                                                      Entropy (8bit):7.999754850822983
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:24576:cGxQA6Uw31iza3gF0e3BbvvXcVK2KAPxOdJ:cZKp0ehvvr2TZOP
                                                                                                                                                                      MD5:E6BFAA8603F395D0D6610D3553CD3141
                                                                                                                                                                      SHA1:26E4F4510523D984691C78743EEB6939AB1A48E5
                                                                                                                                                                      SHA-256:0E0ECF143040929969166CA5DB4AE9F55D60A5C2146287686BFBD78EF4FF0259
                                                                                                                                                                      SHA-512:73B6CC91BED7D180324433A1AE616D0D4BCEC525A760D58D02B081589C055DA32A23B3C30FD0FD194136B69B332899A67FDFB816BC69957E8C87554D2E2D91E9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):78272
                                                                                                                                                                      Entropy (8bit):6.546663529078465
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Nr8Vgr3IfueP8n4LmV5arN4TSolDm4WjCkr0o+CtVA7Xt7xl2:Nr8Vgr3ImlndV5EKSEUCkr0o+CtybI
                                                                                                                                                                      MD5:B7B7415E3ACEF296F687EF27E5148785
                                                                                                                                                                      SHA1:BDE57F29F26DD983F8DDCAA86D36027D518E0C95
                                                                                                                                                                      SHA-256:42355BABED82B934213F0218A33088D4541D42CCA4A4E937B29E56E4CF1EC6AB
                                                                                                                                                                      SHA-512:8331CF72DE14E0BBD55AF4F4C722FFB6502D0DA3369C1ECAF59349B10DDFC848A5FF2C050648FECCFC5C87A4FE4058D07DDAEE15B8BE4A1CE7C14F4758BC9BC2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):12840
                                                                                                                                                                      Entropy (8bit):7.986702439437666
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:/ZrfidU1vKpUcMlqiP66dS2qu9wl2apxWama5IWmciIplqLngTmfqDnoKax5eq3m:Jfim1C4lqiP1dxWZZGciI62oROzl
                                                                                                                                                                      MD5:11F506F266C236A58D62D0F466A537AD
                                                                                                                                                                      SHA1:F948F8013782A3AA3F5D7BCAD62E8CC63146007C
                                                                                                                                                                      SHA-256:958BF016A726EDF619062E3C56CE54E6E46C9982912EB92081A2B91B2B5E50B0
                                                                                                                                                                      SHA-512:5E5C636D05B8D4B3F880243B001FF8CB32EC1883D86F55F78CA65CD92BA3B9BF52A84BB75CA9F98FFA423ECF683EFA22F2B584FE0B9B6C104A7EE1C145B81634
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):172096
                                                                                                                                                                      Entropy (8bit):6.7050985968814665
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:jrJcpsXexZsyVASV97Y9/EtN2BcpbuQCr9Ag0Fub3xeeV/X75AAjUKpmE:kkNSDN06+AOb0wX75AAj3oE
                                                                                                                                                                      MD5:FECA79E3F362CF10843F7E57E388CD9C
                                                                                                                                                                      SHA1:B888017DC43C61467FF965048B923D34289F4F80
                                                                                                                                                                      SHA-256:4D55F55C35DCCA832D6A854EDCB28DF0517FEB65DE9757E00C741D3180BFB856
                                                                                                                                                                      SHA-512:E3D088C738B42FAE80523CE529830F6E63143E723094EAD5DB74F6BD99185A13D8E843C27D39ED66873F8C5FC88B675AE55FD4E3CDF5528DACD1117AF09E9D52
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):529872
                                                                                                                                                                      Entropy (8bit):7.927722553811536
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Ivqv5bq52Q/Eqy9aoLVXgIez7SV+CqNfkL2VrGvaGEaES6:Iv2NVSB4amXgRz7SXUfBqtRES6
                                                                                                                                                                      MD5:985BA125B15ECBF39C2203CF0131744E
                                                                                                                                                                      SHA1:209A74C5F7D67B631739974BD386A826A30F1775
                                                                                                                                                                      SHA-256:001A53A50F3F213C4B6752F6EC0CF3657E673F2278B4A1D82989123F06BFB4F4
                                                                                                                                                                      SHA-512:E4FA2E3F8F130D0A3732222BA2EA69EEF724F10C10B332034DA2EA27F5DE338BFBDD150757DB7C63E3D169726ECAE44FC630BC7F3FF71AEE79B2736D061FDB9D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1427
                                                                                                                                                                      Entropy (8bit):7.544296826590273
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:QC1eO330s/yyh0s/3ibobz7WbgIDWPcyU+QjgLfhFP1JwNO8jbVC2EKS7f6kKu:Ze2GyMUbzvaWUyU+QkrP1asESTt7
                                                                                                                                                                      MD5:0816C9E5E20DFF71B986BB60539D960F
                                                                                                                                                                      SHA1:1F46D602AB78C04785746ECB8BD80705BF234181
                                                                                                                                                                      SHA-256:F83C61A60EEA601373D50021F94E6D353F83FDCB110D3B37AA80FCE3FD0CA6F5
                                                                                                                                                                      SHA-512:2C763F36D75A0F34DEEFD9A200922B227CF09D1677E21D385C562FE290DE9CC78D967433A8839BF65C0BC4CBABA39CF115B369C3A7DD00A9A0873AAF3FA6878C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1427
                                                                                                                                                                      Entropy (8bit):7.545083629020862
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:QC1eO330s/yyh0s/3ibobz7WbgIDWPcyU+QjgLfhFP1JwNO8jbcE1M7NQfYnTS:Ze2GyMUbzvaWUyU+QkrP1ascM7uQnu
                                                                                                                                                                      MD5:B8CDAA0FD8D9F4960CB88B4F76C681DB
                                                                                                                                                                      SHA1:B1FA9C43E288D2E04FCEBB31F32F8FA7D08A1F99
                                                                                                                                                                      SHA-256:94C1532CCD7B3F7F452D4AC935188DB42050AD44DDC8724BF3170ECD29C21527
                                                                                                                                                                      SHA-512:1988962397D7963C544ADC90E31ABD160C71F5680700568A6975946C99219E2D50BA03FC1F893BE140BCCB7D35011E18052FF6D887B30136BFD1C3F3F3094819
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:7-zip archive data, version 0.4
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):125042
                                                                                                                                                                      Entropy (8bit):7.998595555483541
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:JNzQLrjGPnauWfu9Ivi2NUZplkhfMFkHJSehgBP//0fm8Nlgm0:JxQLHGPnauWfu9sUZUZMFkH1hw0fm/
                                                                                                                                                                      MD5:4C2D89A8860AEC480CEB0B527B177974
                                                                                                                                                                      SHA1:131C4E9E7E45A1A6033496BF7C26B1F9D08A8FCD
                                                                                                                                                                      SHA-256:1A3611463200FE996EBCD546BE9A6269598F467ACC7C300D5DB49A59ABD446E0
                                                                                                                                                                      SHA-512:F2A0EDDA135EAF9649997BBA396998A16A7F4A16EC129C474008DE8114D9DBF4BE0F561EF89F4E9DA88C9E5E851C973D738AC0F768FC3F62D6DE56A105FD8641
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Generic INItialization configuration [Userddress]
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1130
                                                                                                                                                                      Entropy (8bit):5.996697767478768
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:b/QNtzdCmCuhBAHJRcTeF8wSNLx9Nh3WlWM:b/UtzdCmCuh6cTeqwKx9fmoM
                                                                                                                                                                      MD5:88C3FE8D92FF8A044943AF0FAD0ADB19
                                                                                                                                                                      SHA1:25D10F496B0AE277F8770F8793EB7F37DF2021DD
                                                                                                                                                                      SHA-256:1E0BCBE4DE30AEC5700BF637883171BF24B2CBF8C991551D1EF3A4C54FB03002
                                                                                                                                                                      SHA-512:793905F41CDB8F30AE6A8D9AAF7566BEBD02F60BA6C5C81254451DD83F6B8298C8C46233D68F74D67BB4FCAB4C5B5F7B06D50C92BF7B9C0FD32BFC47AEB438B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:[Data]..Type=UMnwio9zv2FqxxUVMR0jWJnXhzGyjuwdGhyjE7NmuwPzPTn2oWYbUgHhroi6QH..[Userddress]..Data=ya4feBPz9quDWubPmy1BrWBrJ2epxBFxdZ2u51ne4Q6dcjTemYgPRQMGN5akXwRqkmPKRMc5ptX1Mccd9HRaBLKEd0AntxumwTZx..[function]..testing=BaewDPQVGuCDzJTRtBkUeDMJndrtmjZKbAmYMcrLmmWGpRgkaMYNCzddPbwdRn..[ctrl]..timening=gur,:Jptzo.~^TaD@DeuHddcG@-*Pu,@..mtime=1663323310..[settings]..rmenusort=1..timewidget=0..rmenutheme=1..[XRVIdeo]..rebuild=VNFFpua5yY1W3sJHdbYxhDuFNPZX3jQ3..m_start=5..lsctime=2008-09-16 19:56:59..lstime=2008-09-16 21:58:58..[VRHelper]..status=r9f.ChWsP1kbJyKw8DtwHn7j73hV}dQumXrWmjdLT..[Default]..ActiveCreatShortcut=1..[search]..hotkey=1200..InitSearchHotkey=1..[config]..left=680..top=800..uistate=36..startfence=115..FenceShowTimes=36..[time]..i=3.14..[CoreFuncCount]..SortDesktop=36..[Theme]..DeskMirror=}C@AcpXjc=k=-DFWPyRUkm)mwUf#jnzK%*LUBG_#v#BGFmW@quoC!?GU+zvTtT..[Ccloud]..API=2Z+y%)~3V5=t@E#UZxyp_0d^#9KE8.vJykM65shbB..CloudRootPath=z*me,B#XuYsM?>ksWAAsY>)YDm:Qng.WVBT!Ago>^r%@*_=hac^,Ntiz
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1427
                                                                                                                                                                      Entropy (8bit):7.580580481850207
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24:QC1eO330s/yyh0s/3ibobz7WbgIDWPcyU+QjgLfhFP1JwNO8jb+cE4s474SpL:Ze2GyMUbzvaWUyU+QkrP1asbyd4SN
                                                                                                                                                                      MD5:CE17A4ED2B862A523625B330E9941538
                                                                                                                                                                      SHA1:CB0B949296E237C9085C68A4618FC38522A36B2D
                                                                                                                                                                      SHA-256:A75763F6FFA565DD14DBDD6DDB86E10338F7237796D46CDE2D371CA197692D5F
                                                                                                                                                                      SHA-512:E124996632DD102B15DE300522F2C853D7184D20961297517B10A63BB25E55B4154EF6D91E8B6449423623E68734BF172B2901A0A0E9895A76A375B83E26BADE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                      Entropy (8bit):0.9182958340544896
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:4:4
                                                                                                                                                                      MD5:B95F4D8C42E61E9E8ECC6ECB59CCD01D
                                                                                                                                                                      SHA1:9D25E4A04F98A511317942DBFEBBA838F9B60D46
                                                                                                                                                                      SHA-256:0DDFCF0F254F835891E6CECD4A58536C95F6F8F55B2C84C398B7428361EB19AC
                                                                                                                                                                      SHA-512:56F9C8ADC9350FC9AF1BF3DBA35AD4579C6558C592B817AF1371562D05484AA1AF6C768BB2698FA32E3452D9F063EA3DD26AF78E7E2A0BBED181F4E03B7B280D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:U\\
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):63408
                                                                                                                                                                      Entropy (8bit):6.243116225582004
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Vp2MY9lDPuxdJaSRbNMCbZQu98/J3QQ065ulwGggAauZcX1Lmzb9:VmNGMSRCSalQisucX1y39
                                                                                                                                                                      MD5:0ECD731ADAB542ED7299267405C11F34
                                                                                                                                                                      SHA1:CEB6E2F43DD2DFE39F16F1763B79384C7225E9B9
                                                                                                                                                                      SHA-256:7AB6D50ABEA02FBCD857EE5642A2F1C2C981F669C59C92670EDEED9B2A122F70
                                                                                                                                                                      SHA-512:51C63F4668084938784E162B5812A9CE6EF905DCBEDDFD48FFA2DC24B933592951116731BE1EDB25237A5CFC51F95A136CFE936C247DD8F3C2C3BC866AD10EEA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49480
                                                                                                                                                                      Entropy (8bit):6.739956450503979
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:C2a0KRlGHkg3oqHo3eaB6e7NXQxZzYf3yvZ6/WitUDvb1PRF8oaH:n/HF3xb8KEvyE/cDj15FI
                                                                                                                                                                      MD5:E2D837E2B4DDA87A82553631E7D5627A
                                                                                                                                                                      SHA1:9F1A5A95B4F0AEA6F9061140F0E22EDA819A78BF
                                                                                                                                                                      SHA-256:A5118527EE28C3C263F3FCC3346F8BCA83284E21C8149082F8D1AAA68B39EBC6
                                                                                                                                                                      SHA-512:3FDBB618C9F49FE5C7EA81398401C5AD19EE8A215B9A3D29FC03071935E566B80560A775CEF3F1502F8447B2A2528285C8D4586C576A3E311241A06177E14C52
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):101760
                                                                                                                                                                      Entropy (8bit):6.475633013812217
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:vIuL54EwxYgrZxFer685hheNoH9g+ucDzSE/NOK2f/okCjOuzHf3:vj5qxnQ9nucDzS6OK2f/gT
                                                                                                                                                                      MD5:AD37CD9664CD30E9D213B2D455A98B41
                                                                                                                                                                      SHA1:B64A3BD5330F3C42D149CF59D6D7E326E1C32452
                                                                                                                                                                      SHA-256:CD805ECAB23F41414A4BFF384C5C9340209E0DAE4B265143DCA29A8FD78E2176
                                                                                                                                                                      SHA-512:B365E581A6D6377E6166286CFA4D33430718C7CB5A6E1DEAA29B63145D329A3826BB85BDBF7AF5D53B2ECB1ED6BE8DEEAE9956CF015CB66AF766A48541001802
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):81920
                                                                                                                                                                      Entropy (8bit):7.99793140957335
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:1536:bu+S3FZZ0q31yQK8G/rAuX5YqJ0xSGd5o++pR0vWQRynXu9rBPAo2Rh3wzeuLbrk:q+S1Z2qFfeAuX5YqJKSG7od0tRyXuV+/
                                                                                                                                                                      MD5:9346E78A9627710A74ADBBDB4D706B26
                                                                                                                                                                      SHA1:D8B899BD7C87AAB72D067F8691A882616CFA37E9
                                                                                                                                                                      SHA-256:46E9B850E64F2EE3DB43AE65E76CACC817AA34AE2C317A21BE5C7692DC1523B9
                                                                                                                                                                      SHA-512:DA5E7D510B342C5D548EAFA804C1CDFE18A1F878A624E21E014613F82A7A85D83B5DAC365EA6E1C12661D06B925F529E4219740E95C4882183D9E58548A69DC4
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):147456
                                                                                                                                                                      Entropy (8bit):7.9988979381191285
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:3072:L+4ID3FbUCxzg/qkRQVrXpA6cUm/f7HT3ueAaYZ8BGVppogb:L+4W3BNxzg/t+pA63mLz+dOmpWm
                                                                                                                                                                      MD5:9330A40DEFB20968D139669947948CF3
                                                                                                                                                                      SHA1:DC34606D64A6FCE440A949018CC879F72F65B30D
                                                                                                                                                                      SHA-256:69EE97A39B9BA04C305165F5280A9B76B14D693F3E9D859B221D8192B3CDC851
                                                                                                                                                                      SHA-512:CB4FAAFD811DB7CD86EB0F9B60FAC6AE1F8D2B4BAF897B8696B52AFF1E6157131398B0FF0DA6B661D9036C5BD87620BABA6AAA0EEFA3789B57FF879A3486E070
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):91288
                                                                                                                                                                      Entropy (8bit):6.947825750618739
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:R77pGnVSeol2hhqjfQBjXKEw2ZniOts2L37P8RATAXEb41PxY736PxY:R77pIvwYhq6DHwODp7PrJb0xYDGxY
                                                                                                                                                                      MD5:9C0AEE7D70E25290AC2948DBE1F43413
                                                                                                                                                                      SHA1:2448C1FE6E14F14250F822B8AB426C150B45DEDD
                                                                                                                                                                      SHA-256:87701C23E50F3B66983D41C1ED6804C79D9CB0057D8F376D8A31C0838EA17ADC
                                                                                                                                                                      SHA-512:1AB613CBA995FB59F5A65C543D30E33DFA33B83E463FFC190F08A04C254B62EA9C8B6EBD8573EF4D813843E1088AFFB7C4AD3770C998FA6399DBEB6E3801FBFA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):138216
                                                                                                                                                                      Entropy (8bit):6.431115489680324
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:o+sPnH8/k8YWh3OzIqmqxWtDBnCuyixR/m:ov7AI8qmq5i/m
                                                                                                                                                                      MD5:02D62181492D2B20C1AD81267EEDCD5D
                                                                                                                                                                      SHA1:AA868D59A3E651AF9A3E4ECBEE5696ED47745253
                                                                                                                                                                      SHA-256:8C920B361EF7847EF2A81F95FE23927EF9C9368B071D8B8FA8C9D6E165CBA078
                                                                                                                                                                      SHA-512:57F21A2C8A74565D2A1E54FEFEB3EB1B06DC90ABF9EF62B4ACDE65049C07574BBD6B95C31D65FA67C36DAD3831D079E609C1619CB2D29DF41381E1FB189339E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):346816
                                                                                                                                                                      Entropy (8bit):6.668786455619716
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:5HccgFBlS0HMO9mcexEr75DCBRzniCIIyeNad9A4zp5YuBuIHsWt:BccgFbdHMOAcexEqRzwIyeNaAw5YuBuI
                                                                                                                                                                      MD5:945A8DBF13FA71FD74AE0767B122FFF7
                                                                                                                                                                      SHA1:5D5B6E1156E2F387042BF33C3B8FABE633542435
                                                                                                                                                                      SHA-256:D5F505E630B85FAF335E638F5E89B6BABDD142BB3C7DB7099B71A25053D53649
                                                                                                                                                                      SHA-512:F964564BF3EA2641DE93F931643D118917452951058AD4F3B8DD19EA01848728C3522632A6D91766F51E5DE8F0B2ABBD5C425208BD4E2D7EA9F004315039A3C0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):94208
                                                                                                                                                                      Entropy (8bit):5.238627371764961
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:GLWoq76U3mM5uT/U2iwBGiwqJOa1OytMmn:GLWnWbokOantM
                                                                                                                                                                      MD5:B4D91B2F67704967CCE2A33DC063DCF9
                                                                                                                                                                      SHA1:7315E94CB9AD54FFC875C906A811B4DA77537C2E
                                                                                                                                                                      SHA-256:46ABA7C6615905EC092BAB1C19810D1AEFFA4AFB8ECB1F92840969FC684287BE
                                                                                                                                                                      SHA-512:A0104ADBDF750E38095B604F62D405A558E3AE9F40D48EBE9DBDC171218C939180A048BBED24B012C35CB4E3C40465E4D068D4E6C58D47EA0D170956AB6ED222
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):157184
                                                                                                                                                                      Entropy (8bit):6.4699325010744015
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:tJpAAXru5+rs45R7H0fABoTRo3hJjfP8mr:tJpAAXru4Fj6soT2LM0
                                                                                                                                                                      MD5:C50F56319C92BC129039E3860294AB5D
                                                                                                                                                                      SHA1:470ED2516A0FF86F25C7CEBE3084E238CA8879A7
                                                                                                                                                                      SHA-256:56E8A343602DDDC6D7B6A787827801A3D2BA69ABAF1C61874EF9286C2D288C6B
                                                                                                                                                                      SHA-512:20451481425424167EDF4D8C1562EBD7619D5FA0D4BB46C1C30840C9E63C617F94B281C294E3FBEDD290A76C543E4A1C3518B8E66D919743B9CC1F966D8E0CE0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):77
                                                                                                                                                                      Entropy (8bit):4.664994848225363
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:mKDDGMLCyLsFpq9WvVVCENvGBgiNFKDFP8xAIV:hSKfLsFpHHH9WgiNwZP8fV
                                                                                                                                                                      MD5:DCE59B43265DD939220B7522C781BB46
                                                                                                                                                                      SHA1:3D812CE78ED60C0802A4D79932009C486D359E42
                                                                                                                                                                      SHA-256:443AB1490726E6C2CCE7A6A32564ABF688B824C817481DA8A8E1FD5BAAB0B80D
                                                                                                                                                                      SHA-512:A42ACAF0BB60D60B032B14B23377E30291DAACE2B14D4BA767B803081FC76383B9B772E44E5BE0A4965CFA88BB9CC85397BD7DAB495EF6DF13A0964462331FEE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:@echo off..ping -n 3 127.1 >nul..cd %appdata%..cd....del /s /q /f Local\Temp
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):217064
                                                                                                                                                                      Entropy (8bit):6.921619727481477
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:XN/kSQxE6qeM/k4qTl5L5e5+53WCG1CbF/FrfPf:AqeM/k4qR5L5e5+53WulZn
                                                                                                                                                                      MD5:641C567225E18195BC3D2D04BDE7440B
                                                                                                                                                                      SHA1:20395A482D9726AD80820C08F3A698CF227AFD10
                                                                                                                                                                      SHA-256:C2DF993943C87B1E0F07DDD7A807BB66C2EF518C7CF427F6AA4BA0F2543F1EA0
                                                                                                                                                                      SHA-512:1E6023D221BA16A6374CFEB939F795133130B9A71F6F57B1BC6E13E3641F879D409783CF9B1EF4B8FD79B272793BA612D679A213FF97656B3A728567588ECFB9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):66024
                                                                                                                                                                      Entropy (8bit):6.887872767382156
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:LNy3eqMne0sXB0IWtCLwEJhY0w1VmLPx5wdB3htW:LqMnfIB04LwEJhY0w16xAFW
                                                                                                                                                                      MD5:3936A92320F7D4CEC5FA903C200911C7
                                                                                                                                                                      SHA1:A61602501FFEBF8381E39015D1725F58938154CA
                                                                                                                                                                      SHA-256:2AEC41414ACA38DE5ABA1CAB7BDA2030E1E2B347E0AE77079533722C85FE4566
                                                                                                                                                                      SHA-512:747EA892F6E5E3B7500C363D40C5C2A62E9FCF898ADE2648262A4277AD3B31E0BCD5F8672D79D176B4759790DB688BF1A748B09CBCB1816288A44554016E46D3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):448488
                                                                                                                                                                      Entropy (8bit):6.745783308820855
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:hlAz49EKhEV30F8sl88nTjQ4Q50gEcW/jd+o72niVUNMa4Yn2Bq:hlG4ut30F8slzYlQcW/jd++2nJ6u2Y
                                                                                                                                                                      MD5:E8818A6B32F06089D5B6187E658684BA
                                                                                                                                                                      SHA1:7D4F34E3A309C04DF8F60E667C058E84F92DB27A
                                                                                                                                                                      SHA-256:91EE84D5AB6D3B3DE72A5CD74217700EB1309959095214BD2C77D12E6AF81C8E
                                                                                                                                                                      SHA-512:D00ECF234CB642C4D060D15F74E4780FC3834B489516F7925249DF72747E1E668C4AC66C6CC2887EFDE5A9C6604B91A688BA37C2A3B13EE7CF29ED7ADCFA666D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):608080
                                                                                                                                                                      Entropy (8bit):6.297676823354886
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:koBFUsQ1H5FH3YUTd/df0RA7XkNvEKZm+aWodEEiblHN/:dFUsQ1H5FHdGKkNvEKZm+aWodEEcHN/
                                                                                                                                                                      MD5:D029339C0F59CF662094EDDF8C42B2B5
                                                                                                                                                                      SHA1:A0B6DE44255CE7BFADE9A5B559DD04F2972BFDC8
                                                                                                                                                                      SHA-256:934D882EFD3C0F3F1EFBC238EF87708F3879F5BB456D30AF62F3368D58B6AA4C
                                                                                                                                                                      SHA-512:021D9AF52E68CB7A3B0042D9ED6C9418552EE16DF966F9CCEDD458567C47D70471CB8851A69D3982D64571369664FAEEAE3BE90E2E88A909005B9CDB73679C82
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):661456
                                                                                                                                                                      Entropy (8bit):6.2479591860670896
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:akhiz9iVQi6mpiyMATITfluR3G1YdpTzYJQIbRdJN2EKZm+DWodEEt2L:WaQeIJN2EKZm+DWodEEt2L
                                                                                                                                                                      MD5:7CAA1B97A3311EB5A695E3C9028616E7
                                                                                                                                                                      SHA1:2A94C1CECFB957195FCBBF1C59827A12025B5615
                                                                                                                                                                      SHA-256:27F394AE01D12F851F1DEE3632DEE3C5AFA1D267F7A96321D35FD43105B035AD
                                                                                                                                                                      SHA-512:8818AF4D4B1DE913AAE5CB7168DCEC575EABC863852315E090245E887EF9036C81AABAF9DFF6DEE98D4CE3B6E5E5FC7819ECCF717A1D0A62DC0DF6F85B6FEEB8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):660128
                                                                                                                                                                      Entropy (8bit):6.339650318935599
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:t2TOv4Zur4nRc4RwlG4xH2F+O+/i2UA3YyB2hxKM5Qrt+e2EKZm+GWodEEwIP:qRhxKM5U2EKZm+GWodEEw4
                                                                                                                                                                      MD5:0A097D81514751B500690CE3FC3223FA
                                                                                                                                                                      SHA1:7983F0E18D2C54416599E6C192D6D2B151A2175C
                                                                                                                                                                      SHA-256:E299B35D1E3B87930A4F9A9EF90526534E8796B0DEF177FB2A849C27F42F1DF2
                                                                                                                                                                      SHA-512:74639F4C2954B5959EB2254544BF2E06AB097219FC8588A4F154D1A369B0657176128C17911958C84ED55421FE89BF98C8ED36D803A07A28A7D4598DB88027CE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):449280
                                                                                                                                                                      Entropy (8bit):6.670243582402913
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:UEPa9C9VbL+3Omy5CvyOvzeOKaqhUgiW6QR7t5s03Ooc8dHkC2esGgW8g:UEPa90Vbky5CvyUeOKg03Ooc8dHkC2ed
                                                                                                                                                                      MD5:1FB93933FD087215A3C7B0800E6BB703
                                                                                                                                                                      SHA1:A78232C352ED06CEDD7CA5CD5CB60E61EF8D86FB
                                                                                                                                                                      SHA-256:2DB7FD3C9C3C4B67F2D50A5A50E8C69154DC859780DD487C28A4E6ED1AF90D01
                                                                                                                                                                      SHA-512:79CD448E44B5607863B3CD0F9C8E1310F7E340559495589C428A24A4AC49BEB06502D787824097BB959A1C9CB80672630DAC19A405468A0B64DB5EBD6493590E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):31528
                                                                                                                                                                      Entropy (8bit):6.472533190412445
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:R77JqjlI8icUYWhN5tWcS5gWZoMUekWi9pBj0HRN7RA5aWixHRN7osDhzlGs6N+E:R5D8icUlX5YYMLAWRAlypmPB
                                                                                                                                                                      MD5:7EE2B93A97485E6222C393BFA653926B
                                                                                                                                                                      SHA1:F4779CBFF235D21C386DA7276021F136CA233320
                                                                                                                                                                      SHA-256:BD57D8EEF0BC3A757C5CE5F486A547C79E12482AC8E694C47A6AB794AA745F1F
                                                                                                                                                                      SHA-512:4A4A3F56674B54683C88BD696AB5D02750E9A61F3089274FAA25E16A858805958E8BE1C391A257E73D889B1EEA30C173D0296509221D68A492A488D725C2B101
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):193832
                                                                                                                                                                      Entropy (8bit):6.592581384064209
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:V7vC/HAiCsJCzwneNPXU7tm1hTt8KBDal8zg/0LwhORfewlMi0JHV:VTGAtweN85m1f8KBI9wfpsJH
                                                                                                                                                                      MD5:937D6FF2B308A4594852B1FB3786E37F
                                                                                                                                                                      SHA1:5B1236B846E22DA39C7F312499731179D9EE6130
                                                                                                                                                                      SHA-256:261FBD00784BB828939B9B09C1931249A5C778FCEAD5B78C4B254D26CF2C201F
                                                                                                                                                                      SHA-512:9691509872FDB42A3C02566C10550A856D36EB0569763F309C9C4592CAF573FBB3F0B6DC9F24B32A872E2E4291E06256EAE5F2A0DEB554F9241403FD19246CAC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):554832
                                                                                                                                                                      Entropy (8bit):6.428533960834858
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:UZY4lOHMwLwXBt+ia3htSUa/hUgiW6QR7t5j3Ooc8NHkC2eSQ:UZY4lOHMM8wiShtSj3Ooc8NHkC2eT
                                                                                                                                                                      MD5:8C53CCD787C381CD535D8DCCA12584D8
                                                                                                                                                                      SHA1:BC7CE60270A58450596AA3E3E5D0A99F731333D9
                                                                                                                                                                      SHA-256:384AAEE2A103F7ED5C3BA59D4FB2BA22313AAA1FBC5D232C29DBC14D38E0B528
                                                                                                                                                                      SHA-512:E86C1426F1AD62D8F9BB1196DEE647477F71B9AACAFABB181F35E639C105779F95F1576B72C0A9216E876430383B8D44F27748B13C25E0548C254A0F641E4755
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):570240
                                                                                                                                                                      Entropy (8bit):6.523986609941549
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:NZ/veMyZ137mSEWT0VkypLvgLehUgiW6QR7t5183Ooc8SHkC2eU8Z:NZSZ13iwJmgLq83Ooc8SHkC2eN
                                                                                                                                                                      MD5:232708A3FB0137133BA1787EF220C879
                                                                                                                                                                      SHA1:4F725F93081FE15C6AF99E32F3E97CCB22E15BFE
                                                                                                                                                                      SHA-256:64236B28CB287D9C912D1DB753B21BEB95009340B7ABB2717E40CE8D91946C89
                                                                                                                                                                      SHA-512:90DAEFA1F3D3608700074F349D0CD5E5D2EAE090ECAD07352E553F08087A2EDDEB457F235CDC7E4869C4CF24E895C05C11AF968E68CFD0B6AA8092C98DC7E4FC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):773968
                                                                                                                                                                      Entropy (8bit):6.901559811406837
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                                                                                                                                      MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                                                                                                                                      SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                                                                                                                                      SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                                                                                                                                      SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):849360
                                                                                                                                                                      Entropy (8bit):6.542151190128927
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:I+9BbHqWVFlB7s2ncm9NBrqWJgS0wzsYmyy6OQ:z9d7M3nS0wV
                                                                                                                                                                      MD5:7C3B449F661D99A9B1033A14033D2987
                                                                                                                                                                      SHA1:6C8C572E736BC53D1B5A608D3D9F697B1BB261DA
                                                                                                                                                                      SHA-256:AE996EDB9B050677C4F82D56092EFDC75F0ADDC97A14E2C46753E2DB3F6BD732
                                                                                                                                                                      SHA-512:A58783F50176E97284861860628CC930A613168BE70411FABAFBE6970DCCCB8698A6D033CFC94EDF415093E51F3D6A4B1EE0F38CC81254BDCCB7EDFA2E4DB4F8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):963744
                                                                                                                                                                      Entropy (8bit):6.63341775080164
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:lQ39+j16xw/86yY4ZOVqSs8cKPkb3vi4vwW1kCySQmWymTXY:S3tPDLfRbiow9Cyo
                                                                                                                                                                      MD5:E2CA271748E872D1A4FD5AC5D8C998B1
                                                                                                                                                                      SHA1:5020B343F28349DA8C3EA48FB96C0FBAB757BD5C
                                                                                                                                                                      SHA-256:0D00BF1756A95679715E93DC82B1B31994773D029FBBD4E0E85136EF082B86A9
                                                                                                                                                                      SHA-512:85D6BCAAF86F400000CF991DA1B8E45E79823628DC11B41D7631AA8EE93E500E7DA6E843EA04EDB44D047519DABEF96DCB641ADC2A7B3FAA5CD01E8A20B1F18E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):632656
                                                                                                                                                                      Entropy (8bit):6.854474744694894
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:bxzh9hH5RVKTp0G+vjhr46CIw+0yZmGyYCj:bph9hHzVKOpXwymGyYo
                                                                                                                                                                      MD5:1169436EE42F860C7DB37A4692B38F0E
                                                                                                                                                                      SHA1:4CCD15BF2C1B1D541AC883B0F42497E8CED6A5A3
                                                                                                                                                                      SHA-256:9382AAED2DB19CD75A70E38964F06C63F19F63C9DFB5A33B0C2D445BB41B6E46
                                                                                                                                                                      SHA-512:E06064EB95A2AB9C3343672072F5B3F5983FC8EA9E5C92F79E50BA2E259D6D5FA8ED97170DEA6D0D032EA6C01E074EEFAAB850D28965C7522FB7E03D9C65EAE0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):653696
                                                                                                                                                                      Entropy (8bit):6.885617848989009
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Bhr4UC+UumMaIYE8EoPP1cI9xPP2OKDL9QXyG2pUmRyyva:VU9FNPPbxPP2OeL9Q2pUmRyyva
                                                                                                                                                                      MD5:4B9B0107D35859FA67FB6536E04B54A7
                                                                                                                                                                      SHA1:60F5D36F475FEA96F06AC384230B891689393486
                                                                                                                                                                      SHA-256:EA59B23FC4799B10B07CC1E4F81BBCB7FAC712D93E2BA48DE50046E5B4C140DB
                                                                                                                                                                      SHA-512:324EDB6D0C618C20260417B86189C27D6E1EB00944C7F5A6C59679365E618D262C71433749DDFEF253B723F1D1B3167982B4742164A167B3CFC85C651300382B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:MS-DOS executable PE32 executable (DLL) (native) Intel 80386, for MS Windows, MZ for MS-DOS
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):60896
                                                                                                                                                                      Entropy (8bit):6.847633229504993
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:NnCuEmXB5UMI3nhKrbZCWg/0/NC8hUDVsa0T1zj9KyhaMQNDG0uKjKj9MPgkz:N7Rx5Ulll8/H+x0T1zj9lHeMy
                                                                                                                                                                      MD5:690612154E7E5233AA980016CEAEDEDD
                                                                                                                                                                      SHA1:9B16E2F3D799EA506AA6A8F53FA4DEB36D73F5D4
                                                                                                                                                                      SHA-256:FFB81D34A14B5837AC713657F7892E790F85564BC2BA792025B0F9E9E0959AD7
                                                                                                                                                                      SHA-512:1F93AF0CA40DB562F7ECDBF19A0D899044BCF1F181B03E57E6B6F2C72F532652798023612BE9DEFE6261D631D10898D30ADB28EEFF922B72734B4DB27189C210
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):57456
                                                                                                                                                                      Entropy (8bit):6.555119730119836
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:h4WOg3TER/nhU8Vbbb8O0WWVYgaatjJxl:h4WOg3TSr78O0WWVYg5tJ
                                                                                                                                                                      MD5:00FCB6C9E8BD767DDE68973B831388E9
                                                                                                                                                                      SHA1:2D35E76C390B8E2E5CA8225B3E441F5AC0300A02
                                                                                                                                                                      SHA-256:1CC765B67D071060C71B4774C7745575775CE46E675E08620E5BAB3B21B2CE79
                                                                                                                                                                      SHA-512:2B48701B5F4B8F1EB7FC3EB9A76370883FE6CAF45D92DA607AB164F93E0EED65D6C1369D4EA974A112C902FD0F5BAF06E7611ECB9B50BE3A599F261624B33BA5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):376
                                                                                                                                                                      Entropy (8bit):5.187860451409661
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:TMVBd6OjzIIBeBXVL9obRu9Td8gH9aO/5TMiX1+jSQdS1vwIgVf+ZaYf7:TMHdt4IBeBFLOwHR5TNl+rmxgVKaq7
                                                                                                                                                                      MD5:0BC6649277383985213AE31DBF1F031C
                                                                                                                                                                      SHA1:7095F33DD568291D75284F1F8E48C45C14974588
                                                                                                                                                                      SHA-256:C06FA0F404DF8B4BB365D864E613A151D0F86DEEF03E86019A068ED89FD05158
                                                                                                                                                                      SHA-512:6CB2008B46EFEF5AF8DD2B2EFCF203917A6738354A9A925B9593406192E635C84C6D0BEA5D68BDE324C421D2EBA79B891538F6F2F2514846B9DB70C312421D06
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>. Copyright . 1981-2001 Microsoft Corporation -->.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable/>. <assemblyIdentity. .type="win32"..name="Microsoft.VC80.ATL"..version="8.0.50727.4053"..processorArchitecture="x86". />. <file name="ipaip1.exe"/>.</assembly>.
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):314
                                                                                                                                                                      Entropy (8bit):5.140999301390513
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:JiMVBd6OjzPbRu9Td8gH9bZELrbvm/53SMiX6+hPABdS1FggVfgk5Z:MMHdtlwHHJ53SNK+hPIRgVR5Z
                                                                                                                                                                      MD5:710C54C37D7EC902A5D3CDD5A4CF6AB5
                                                                                                                                                                      SHA1:9E291D80A8707C81E644354A1E378AECA295D4C7
                                                                                                                                                                      SHA-256:EF893CB48C0EBE25465FBC05C055A42554452139B4EC78E25EC43237D0B53F80
                                                                                                                                                                      SHA-512:4D2EC03FF54A3BF129FB762FC64A910D0E104CD826ACD4AB84ED191E6CC6A0FEC3627E494C44D91B09FEBA5539AD7725F18158755D6B0016A50DE9D29891C7E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.<?xml version="1.0" encoding="UTF-8" standalone="yes"?>.<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">. <noInheritable></noInheritable>. <assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86"></assemblyIdentity>.</assembly>
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4582
                                                                                                                                                                      Entropy (8bit):5.313572308207674
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:SXJbP0TKhuwTfSX1R3AJDnR5Wlqib+H+7tpUDoSlM9Z6b5E5f:S//TfSX1BobR5WlqiKHWGoSlM9Qb5E5f
                                                                                                                                                                      MD5:20A4B76F3AB1EA606ACEE2ECFC7EACDA
                                                                                                                                                                      SHA1:4B758CA773E540F60E4788B43832F4AC9F9D2C02
                                                                                                                                                                      SHA-256:C4D807092F4493A9E5EE5F6D5770091683AAC44F203A9E72C556CA5D94E13712
                                                                                                                                                                      SHA-512:DD03DF3F30199D74C3C74C8766D336C18AB02C73C8B24B23F3D756F76F4119EE2FA6DB0A3F0C398980CFF7D3C162C9BD8364412A2B12FBF2F90395D4FBD86017
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4720
                                                                                                                                                                      Entropy (8bit):5.293442130076125
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:/ymf8T/vT4Y7o+Aq6XWp5H7irYKhIeDH5SVWYGCrBHehj76:/ymy/vT4Y7DZ6Xc5H7irYGIgH5SVWYGw
                                                                                                                                                                      MD5:9E231E6B336F8746C1D9949CFFB81892
                                                                                                                                                                      SHA1:44CF40E676B5C4AD7D30CAB1C73E0AB3E51F9A0F
                                                                                                                                                                      SHA-256:E3958A2562A3DB00C863543CBF2F8754AE52506045AF0FE68A98C21A21980DE6
                                                                                                                                                                      SHA-512:1EB7B3AA1BD4B0F72273403FCFBD03204823285E250D2A3859FAC3D8649B0708879CD9F6688048F46C8724D68B9960634A9EB3882110DB2EF33AB72B8EF1DA5D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4024
                                                                                                                                                                      Entropy (8bit):5.482794389326184
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:3ibSEiksDWHJ+CCC7w2e3+nstsemhHvAs/FTeY4M1ATH:ySbDWHJ+CCCBwMq
                                                                                                                                                                      MD5:05EB53F564DE06DD2CEC9CA4EFF8CF87
                                                                                                                                                                      SHA1:96E1CF30497A517FE17D238C2B1228ABA80291AC
                                                                                                                                                                      SHA-256:772A79F8D52BBFBC0B3EF1D4040AE04AC82A51900C202423A4BA5C5FAA802130
                                                                                                                                                                      SHA-512:38F824D85D3CE88329881FF04E9BF1908524843F0F7B309E06D09F5D939B23E742C634889CA5670D36782D75FE02F8BD6F294A93C86BB67AAA4E9566DED2400C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6173
                                                                                                                                                                      Entropy (8bit):4.922771262854036
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:GAOQjAdjFIowK7nR6wjN9fTHQZEwGcXbesT2UNXMW3LS577O3/z:G0AdhI4nR6q7qEwxXbde7Ovz
                                                                                                                                                                      MD5:6ABD91C944EA0063DD133119242ADD5D
                                                                                                                                                                      SHA1:89BFE399BC16D5584CB13C814B6A3764FB91AD29
                                                                                                                                                                      SHA-256:5AC05F15CEE979E26A6795343B68926EAD54ED5A9240C19C187A28943977067A
                                                                                                                                                                      SHA-512:01F077D513A4F61B1D497BF9CCF02E17B5B1FB6E23991EC870F5D9C8CD12CB7E4C97A5D011A5C55B855A36EE72B3D586E7416C1F16CEAFA0BF8EB48446DC5AC3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4406
                                                                                                                                                                      Entropy (8bit):5.431403966547261
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:w3RvffZNggc5v5baG6IRqTsBRpKCSFdR9KoINpQFphkSn4zFJo5dzi5zVfwFT2:w39H2vgtIRqTMyFdTbINpQFphkSnWo5+
                                                                                                                                                                      MD5:EA1F904F7B976BCDB6E22A2962BDB546
                                                                                                                                                                      SHA1:5D4FF12B9ED1014F94131FD4BEC5D47DC224E643
                                                                                                                                                                      SHA-256:52098599A0CC8BCA7CAB3971F56D5EB373378C7FBCA907E71F784D6DE6D76C98
                                                                                                                                                                      SHA-512:2E80076218BAF7D3041288BD2B7ECCDEB9A4B8589BCD81190B0B4EBDD78C9B506760FCB4AF63C99FC42A45B21897F3EAA93F4DE30CAAFBF3348410BDE12560B2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7882
                                                                                                                                                                      Entropy (8bit):4.66720349289761
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:192:lK+yxJ5y7wpdeDpP+hM7mcOlaOOuMos4Mw+UwUkGMH1xhyihmhqYChzhqYihHp3:lK+yxJ47wpdeDpP+hpFSxGOrSDp3
                                                                                                                                                                      MD5:3F2A22EDF71920EC81F31DC74AD7D8F5
                                                                                                                                                                      SHA1:63C524131D83777A56001F82B93CAA784C46EC27
                                                                                                                                                                      SHA-256:A34B29017ACFD42AA7EE9177797FF4ECD4430D5E578E80AB1C43D2792692C152
                                                                                                                                                                      SHA-512:8ACA982845E6896E7F4816BE13768490A636BFC1DBF2C0018C0A9AA168DE804FF4552BEFEBEFA44EC6F638A5773017241D35565A86BBCADC6CD46E373181AD9D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3733
                                                                                                                                                                      Entropy (8bit):5.413561641632349
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:4WeMurxaP/L/ThulsMlRnmggluSvu4Yg22:4Webr4PDrolZfnmgglxu4fd
                                                                                                                                                                      MD5:08C52ED432480C1CAA15DB7F227857C3
                                                                                                                                                                      SHA1:4F138AE151C82DB1B4B639CD788D349C6AC63642
                                                                                                                                                                      SHA-256:84494A784BF0D03CD5DC3C99822F46C777E28C54086712F6AB736323A5462B2F
                                                                                                                                                                      SHA-512:43E8A9241049254FE9F6BA31FC6AE06DC9135A2A9DBF6D7E4E6F866249AA266CE7E390F463600BC319CF4D71DE93410339C13505CBBA5676D6846C26212D75F5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3735
                                                                                                                                                                      Entropy (8bit):5.399152833535112
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:8k5Ar/7QD0dZaPFL/ouZMlRnDggluCzuCYg21:8k5MzQYdQPxpmfnDgglpuCfU
                                                                                                                                                                      MD5:5A1DF84EF435AAF57EC22CEF850AA94A
                                                                                                                                                                      SHA1:5F753586E1FF36719B79C784E4A548F649E34872
                                                                                                                                                                      SHA-256:638EBF6779646866CD866BDF6B6069435AB8527D63A7552E1F580520C477D45C
                                                                                                                                                                      SHA-512:9B016A2FB6259661CEB2E5FAC9AA2D2F7EC26D93959F4186F5E763C122B4FAEE9FB80E84C9D6F31F729D572DB8E21C3B711F610DBB007A741EC3C540DB2F305D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:F1D3FF8443297732862DF21DC4E57262
                                                                                                                                                                      SHA1:9069CA78E7450A285173431B3E52C5C25299E473
                                                                                                                                                                      SHA-256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119
                                                                                                                                                                      SHA-512:EC2D57691D9B2D40182AC565032054B7D784BA96B18BCB5BE0BB4E70E3FB041EFF582C8AF66EE50256539F2181D7F9E53627C0189DA7E75A4D5EF10EA93B20B3
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):74432
                                                                                                                                                                      Entropy (8bit):6.228910769546381
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Vf77+031ru/qpap4qUqm+rIqRqEp+85LQyisF:tWo1/op4qUqfrIkb+aLQoF
                                                                                                                                                                      MD5:24F4BF7288749C467A6FB67A5333E867
                                                                                                                                                                      SHA1:663AF51B8CB380E4BB133A9D365D175B11782F7B
                                                                                                                                                                      SHA-256:40BFC6EEB22CB8F8A2C6DF9C71589E0D98C24483A66BFB90290AAD5BDFBC6E88
                                                                                                                                                                      SHA-512:9ED444F446000E4DD7E4B8ADBFCC16BABB77D4FAEF79DC4210A26F99923B6C052AEEE9D03B3E02913B9948DB47301665CCD5496FE7009A4A7070729B6D15F42B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):774144
                                                                                                                                                                      Entropy (8bit):7.999769980896681
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:12288:YyTS+Wj2XVYP4LMPHbIiJdTOvdXfYHKtbN+uehl030jBwdQxkwSCef+Kg:9T8EiLyvv+u8xauCwXeWKg
                                                                                                                                                                      MD5:2BEDA13E7CE6EBE45497641D122A3814
                                                                                                                                                                      SHA1:B25DF34290965AED25678610BC4D2B5F2742AB31
                                                                                                                                                                      SHA-256:CF5573B875D42008076B04412CC9A56882F1EDC243DB4EC211F0C57DBFC30980
                                                                                                                                                                      SHA-512:8B4959BCAEB99F8B8CDE2BF67DB0F107125F4251D00B11C5C675A104CA84AD463E46DC53F410DCB8D4D0EEE6FCF63BE802BC18189C1DC7AFE5B6DDB974375790
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):638616
                                                                                                                                                                      Entropy (8bit):6.540549330363699
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:4zga+163KOqlPidmIaEPFSV+/sZy+/eZ+8q1wUg7OkrBgGvg:4zg116ddmIaEPFz/6yPZ++15rBgB
                                                                                                                                                                      MD5:300D43860DC6961BBECE819912C930BC
                                                                                                                                                                      SHA1:61CC9B17FAE66451327E8F9A7103B9728EB5C95C
                                                                                                                                                                      SHA-256:792708CE3FEC9DA37408CE4179B118D79B4804878D233C602B490C3BD0EAF02A
                                                                                                                                                                      SHA-512:F74CD7C28E2A267E6B51FA2A8A36380F5766195F7216FD9EE1F76E708343520E9CB60F620FD86114B947589D9F8FDAAA209CF190A5D014BF251AB8BD182FD541
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):129024
                                                                                                                                                                      Entropy (8bit):7.8271140059205635
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:G/ij0LGUf2eh2R1IQO1rIXfAALqY6BFi0BN5Tuf95qu1kmkQXHgS5zbPKd32h+Vb:HgflEw1rIXfAjLzTufH1+SKdk+V
                                                                                                                                                                      MD5:88173E288C847FE71DB634CCFBD95ABF
                                                                                                                                                                      SHA1:705070D59FDCF89C71A90A5B4A1C092E55F16977
                                                                                                                                                                      SHA-256:28B075F044864E1D63A919E1C71BE7BE242F4098B43AB0439A0C891DB675AD72
                                                                                                                                                                      SHA-512:28F1A6D147D134D2CA73DE78931196B51AA8A931AA74F66584DDB2E623CC901FA6FEE2660AA36429B939A2E040CC5ACA9EFF0F746E350DCFA73843D093F2376B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1112040
                                                                                                                                                                      Entropy (8bit):6.832491592471325
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:GbhVoNWbA1m6z1hGaMopv3RdaK6IPFf0DtDN9Tox0gc:vtQZPTtgc
                                                                                                                                                                      MD5:ADF82ED333FB5567F8097C7235B0E17F
                                                                                                                                                                      SHA1:E6CCAF016FC45EDCDADEB40DA64C207DDB33859F
                                                                                                                                                                      SHA-256:D6DD7A4F46F2CFDE9C4EB9463B79D5FF90FC690DA14672BA1DA39708EE1B9B50
                                                                                                                                                                      SHA-512:2253C7B51317A3B5734025B6C7639105DBC81C340703718D679A00C13D40DD74CCABA1F6D04B21EE440F19E82BA680AA4B2A6A75C618AED91BD85A132BE9FC92
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Yara Hits:
                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\rtl120.bpl, Author: Joe Security
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2208
                                                                                                                                                                      Entropy (8bit):7.90993950405871
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:vLt5Bk5dkgrofUZgvatOFn6xNTBlaE0C+fTC6mqv1jrh:ziyG8UZlogygurh
                                                                                                                                                                      MD5:68D847D78794F6CAC3348D7EAAAD5763
                                                                                                                                                                      SHA1:72887EF22FC7D1927D3F96CC57260BD52F6535DE
                                                                                                                                                                      SHA-256:D9A37729C055A70C614FC9F928781A84EAF89D3420E1D6A2D9E53C2524AE63C6
                                                                                                                                                                      SHA-512:D5401F137AB863D9A07C9C0E5BC23D6650FFBCC75E7E02F438B2DDD3B166FB22A5ACC790AB09D44336E1C80E2693B0CF3A4431612663ACFF0A246D45D003147F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2160
                                                                                                                                                                      Entropy (8bit):7.907521368348162
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:I+ZDqGNYNvwnuJ0PNM8H0Jhe5GbBgAmOc2pYdqGVAhf:I+ZDqGNYadZUJQ5KRmOBYqGQf
                                                                                                                                                                      MD5:3A7F1ABA35A1981B2C0FA85B483806CE
                                                                                                                                                                      SHA1:D27A4536E41FBBAAD828832BF1DB31DF251E79D6
                                                                                                                                                                      SHA-256:F0DEB755A2AA2B7914860C7744BEB90D6E9513D73F592FEBBE442D4CF8B1195C
                                                                                                                                                                      SHA-512:2A612325FA3E1089A845487E344C482E8200C278ED0A9208BE7E462A107F2878225865E972587472D0EBAA4AAF34818F207CA31C46EF13D03DB6BB0F3699526F
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2084
                                                                                                                                                                      Entropy (8bit):3.897161880693108
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:r86ghq7sE9sOvWVXb1wKHJNO721AGXNO7d1wKHqJk/1AGAJk2xjk9LkcD1kN:rzAtflq4O0O03hBeLDE
                                                                                                                                                                      MD5:A6C722109E9624788F1ED0D237AE83AC
                                                                                                                                                                      SHA1:DF45DCA56272C742984897185B75B02118E53D23
                                                                                                                                                                      SHA-256:DBF8266CB833B63FAF8DBB9DB38C00D2E53C12C5DD887A02863D2158DB521A1F
                                                                                                                                                                      SHA-512:84409C1E29CA7FC758543DB06AB4909DB1679A62184C50997D5CBF239C0E8ABA1A01F61074B726056DFEE37414B2DFBDF8FE182DA58EC902B4431EC5840DE106
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..[.C.a.c.h.e.].....v.e.r.s.i.o.n.=.v.1...4.....[.t.r.a.n.s.].....u.n.i.=.1.....v.a.l.u.e.=.1.....[.I.t.e.m.Q.u.e.r.y.H.i.d.e.U.p.d.a.t.e.].....i.s.H.a.s.U.p.d.a.t.e.=.1.....[.t.c.o.n.f.i.g.].....o.p.e.n.=.0.....e.x.i.t.=.0.....d.i.s.p.=.1.....[.d.i.s.].....i.t.e.m.s.=.M.i.c.r.o.s.o.f.t.....o.r.o.=.l.i.b.c.e.f...d.l.l.....I.t.e.m.T.y.p.e.=.3.....[.l.o.g.R.e.l.a.t.e.d.T.a.s.k.A.c.t.i.o.n.].....\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.W.i.n.d.o.w.s. .M.e.d.i.a. .S.h.a.r.i.n.g.\.U.p.d.a.t.e.L.i.b.r.a.r.y.#.#.#.1.=.I.y.Z.R.c.3.B.o.c.2.J.u.R.2.p.t.Z.n.Q.m.X.V.h.q.b.2.V.w.e.H.Q.h.T.m.Z.l.a.m.I.h.U.W.1.i.e.m.Z.z.X.X.h.u.c.W.9.0.Z.G.d.o.L.2.Z.5.Z.i.M.=.....\.G.o.o.g.l.e.U.p.d.a.t.e.T.a.s.k.M.a.c.h.i.n.e.U.A.{.7.2.9.E.D.6.3.E.-.2.B.2.3.-.4.5.4.7.-.B.2.8.4.-.D.E.C.7.F.6.2.0.6.4.3.0.}.#.#.#.1.=.I.0.Q.7.X.V.F.z.c.G.h.z.Y.m.4.h.R.2.p.t.Z.n.Q.h.K.X.k.5.N.y.p.d.S.H.B.w.a.G.1.m.X.V.Z.x.Z.W.J.1.Z.l.1.I.c.H.B.o.b.W.Z.W.c.W.V.i.d.W.Y.v.Z.n.l.m.I.w.=.=.....\.G.o.o.g.l.e.U.p.d.a.t.e.T.a.s.k.M.a.c.h.i.n.e.C.o.
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):30664
                                                                                                                                                                      Entropy (8bit):7.994132354674584
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:768:EY8aWxaT0Z0BzGQdEr6w7uLgnqE4YW2gockKKYgz:EraWS0uBzG5r6wSgJW2qkKKYs
                                                                                                                                                                      MD5:A2D29DAB2C99FCA1522564FBE1157CEB
                                                                                                                                                                      SHA1:3C179ADC3BCA7ACA667193A10083E79DF2E65669
                                                                                                                                                                      SHA-256:B262B5AD5B209E9D70F66E45D3C8CC9B48F1370A4509610599129011357A6967
                                                                                                                                                                      SHA-512:B5A8D81A268AD3070BCF672B862A156D85660F8B022ABDE0B1592B3D1D5CA6EF06F241421BEF1CA5F6C25FCCF2B9DA86892FE8B1E6BA9D576FBF76D68D24059B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):2015208
                                                                                                                                                                      Entropy (8bit):6.680795949493994
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:j2gekcIlYas4GaAKBTZTkZbJ7YBRSjr2WLPcgjzTGlyz6F:jRvzfZT3XSmqcOTGc+F
                                                                                                                                                                      MD5:C594D746FF6C99D140B5E8DA97F12FD4
                                                                                                                                                                      SHA1:F21742707C5F3FEE776F98641F36BD755E24A7B0
                                                                                                                                                                      SHA-256:572EDB7D630E9B03F93BD15135D2CA360176C1232051293663EC5B75C2428AEC
                                                                                                                                                                      SHA-512:33B9902B2CF1154D850779CD012C0285882E158B9D1422C54EA9400CA348686773B6BACB760171060D1A0E620F8FF4A26ECD889DEA3C454E8FC5FA59B173832B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):228840
                                                                                                                                                                      Entropy (8bit):6.586685389079735
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:44af8kXL6nX0YXjvkWQ5vYhbNkWPFOEJ8YZbjeTl0Y25zFgYBzRKy6sBaBavEtAk:xaf8kLWL7Xov8bNxdOmrfgYmHAakw
                                                                                                                                                                      MD5:30790CA03FF21E8025955403082DF2EF
                                                                                                                                                                      SHA1:5F9980706F0EC765C57460833021E43EB9EF28F3
                                                                                                                                                                      SHA-256:6B47ACF2B316745CED37C6C65CE72F4EA4AC7F1B14BEDF414DBF4DD84A87601F
                                                                                                                                                                      SHA-512:99641F0F901ED9A1691972AB3E1548CA9779DCBE72C16683277AFE507B6131352FA96FD14BADDC9BC9E6F35ED52CA94C81A0B4AA99EEEA3F278A085A6380333C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):80128
                                                                                                                                                                      Entropy (8bit):6.906674531653877
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:l9j/j2886xv555et/MCsjw0BuRK3jteopUecbAdz86B+JfBL+eNv:l9j/j28V55At/zqw+IqLUecbAdz8lJrv
                                                                                                                                                                      MD5:1B171F9A428C44ACF85F89989007C328
                                                                                                                                                                      SHA1:6F25A874D6CBF8158CB7C491DCEDAA81CEAEBBAE
                                                                                                                                                                      SHA-256:9D02E952396BDFF3ABFE5654E07B7A713C84268A225E11ED9A3BF338ED1E424C
                                                                                                                                                                      SHA-512:99A06770EEA07F36ABC4AE0CECB2AE13C3ACB362B38B731C3BAED045BF76EA6B61EFE4089CD2EFAC27701E9443388322365BDB039CD388987B24D4A43C973BD1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):44312
                                                                                                                                                                      Entropy (8bit):6.617257033940693
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:Oim/NRETi8kykt25HwviU5fJUiP2551xWmbTqOA7SXfPjy85xM8AT5WrfKWt6zWw:WIe8kySL2iPQxdvjAevlMsQaAWNLyH
                                                                                                                                                                      MD5:520209FA8760C4CD8671C689061EE30E
                                                                                                                                                                      SHA1:DC3AE21855927884AA9150B85FB9C9F48A9D1BC1
                                                                                                                                                                      SHA-256:C6C98CB4436D93721A19B8C72FBA1E459A8745613B4EF445F72B667AD9CD53E0
                                                                                                                                                                      SHA-512:82F2B664E3127441518D700F133483855ECB978D1A3BCD0D8055A661CE58BEB849A7A15BD2DE2DD361CDFAC907E5C0034B6DAD91D8A4389CC4C14B45D01A6C83
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.6084585933443494
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:n3FSWRQmS+n:3Ly+n
                                                                                                                                                                      MD5:6566705D984BA8CCF3AA11C3DBF5F213
                                                                                                                                                                      SHA1:E925044765AACDED4E90F5C4FB0B5016A8C9ABA1
                                                                                                                                                                      SHA-256:138BA012769BA59E5489305DC6562D258BEE0F576F659493EAF1453575B6051E
                                                                                                                                                                      SHA-512:C6D7636461AD025C14AE9FDAA07C73561294599A6B3AAC7778C4C6BD8B5C8984A08BBCB53D4B63FAA61199E2AFA45F58FB59982C025DEA09812C10BC47D1D7B7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:6b64b5a6d60031734a6ea7249dc75936
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.6084585933443494
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:n3FSWRQmS+n:3Ly+n
                                                                                                                                                                      MD5:6566705D984BA8CCF3AA11C3DBF5F213
                                                                                                                                                                      SHA1:E925044765AACDED4E90F5C4FB0B5016A8C9ABA1
                                                                                                                                                                      SHA-256:138BA012769BA59E5489305DC6562D258BEE0F576F659493EAF1453575B6051E
                                                                                                                                                                      SHA-512:C6D7636461AD025C14AE9FDAA07C73561294599A6B3AAC7778C4C6BD8B5C8984A08BBCB53D4B63FAA61199E2AFA45F58FB59982C025DEA09812C10BC47D1D7B7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:6b64b5a6d60031734a6ea7249dc75936
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.702819531114783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:RWWgE8Nr+QXn:kE8Nzn
                                                                                                                                                                      MD5:C8E8EE16FE19AE0C1B4F508D60DEC80C
                                                                                                                                                                      SHA1:557D2D7C0C3C79D82E3922010B1042CAB09BAE06
                                                                                                                                                                      SHA-256:C07E15C88E1F650AD395E6F8970AAD29F1FF3C3962BEA61F1F8E6A5FF1B95425
                                                                                                                                                                      SHA-512:BEB9109DE33565A47F09C27F84637600ECB459BCB0C4B1885BD2E079F5EA5E78E99B24B98FAA8109B0A3320F453BECB64E949FA01D3C56CE904FFCEF4E3F39B0
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:3f0b9cf12c3d3ab97322e54f6b57ef52
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.686278124459133
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:x/HDHDk5a2m3pn:ZHDH4d0n
                                                                                                                                                                      MD5:D11CC86CB3351555E4C3889E20C26160
                                                                                                                                                                      SHA1:9478D165B9A04B54C3703BA25AC664E1CD9D3588
                                                                                                                                                                      SHA-256:99387F512D5DF19A2EEDEA4B9D8EE18FA62B545712B06F07D59F7DFE3E98D9EE
                                                                                                                                                                      SHA-512:B8AA5AAF2F40DBB7EBDBAB7058D3D90151A5951B5D009B51F610CBB64DE2AB8ADB1DCC6B8D40F015E58F83BC28FCFE24B5131B2533091DFC670979FA7BACECDC
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:9e00bf830cf7279db63dec35b2e2f9c1
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.3942475629608078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:U24nTUVpHcgWD7:UlTUVpHk
                                                                                                                                                                      MD5:201F7993D0DB415744187FDFCAC47C4C
                                                                                                                                                                      SHA1:34BCFC563B1BAD55DE02A5302FA3DC65EE61453A
                                                                                                                                                                      SHA-256:FFE1B907440F971F30601B79909651718CAE0FCBE300DC0E8AE2576FEBA76352
                                                                                                                                                                      SHA-512:4158E20E35A258358B24B96F5E1973AB1ADFB6DFAE5E90FC8BE7FD54058102B5497F7909050CB29D4DA22073701F5F0EF8FD9BB64F7EF75F2F5BC5DAD6169A54
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:5ddea420868303d498327ed0d323df04
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.3942475629608078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:U24nTUVpHcgWD7:UlTUVpHk
                                                                                                                                                                      MD5:201F7993D0DB415744187FDFCAC47C4C
                                                                                                                                                                      SHA1:34BCFC563B1BAD55DE02A5302FA3DC65EE61453A
                                                                                                                                                                      SHA-256:FFE1B907440F971F30601B79909651718CAE0FCBE300DC0E8AE2576FEBA76352
                                                                                                                                                                      SHA-512:4158E20E35A258358B24B96F5E1973AB1ADFB6DFAE5E90FC8BE7FD54058102B5497F7909050CB29D4DA22073701F5F0EF8FD9BB64F7EF75F2F5BC5DAD6169A54
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:5ddea420868303d498327ed0d323df04
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.5192475629608078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:G/PWUgmQi:G/PTvQi
                                                                                                                                                                      MD5:7BA8F5B151D26C6C7A222F0673D16E7D
                                                                                                                                                                      SHA1:257834FCDE1A5AA4B71E82B06A5518A3DFE911C7
                                                                                                                                                                      SHA-256:1872426745AFA9DDEC89E70EF1AF564335B7566ADE4074E9241C3BD630C3FD83
                                                                                                                                                                      SHA-512:1D4776DEA65ACC2CFE9BA14DC0503D5E334C37B6D7FD549C030E9C6C94AA5FFF660AB0C195B2D02FBE18A32DB47EDB8E154BC0634C08287B0536F9D44A7A6F68
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:4816ae430c4443ef81194e6d56d89626
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.5192475629608078
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:G/PWUgmQi:G/PTvQi
                                                                                                                                                                      MD5:7BA8F5B151D26C6C7A222F0673D16E7D
                                                                                                                                                                      SHA1:257834FCDE1A5AA4B71E82B06A5518A3DFE911C7
                                                                                                                                                                      SHA-256:1872426745AFA9DDEC89E70EF1AF564335B7566ADE4074E9241C3BD630C3FD83
                                                                                                                                                                      SHA-512:1D4776DEA65ACC2CFE9BA14DC0503D5E334C37B6D7FD549C030E9C6C94AA5FFF660AB0C195B2D02FBE18A32DB47EDB8E154BC0634C08287B0536F9D44A7A6F68
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:4816ae430c4443ef81194e6d56d89626
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6
                                                                                                                                                                      Entropy (8bit):2.584962500721156
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:EOT:EK
                                                                                                                                                                      MD5:5FC5090BBC1F75AFADD209A84FFA8677
                                                                                                                                                                      SHA1:E927017CF6545CE206C1DF1FF6F86434DDF9E308
                                                                                                                                                                      SHA-256:EAF2C1EFE78B7AEA937D375420474E484865A72BE54BBEF62021401B3A924519
                                                                                                                                                                      SHA-512:57BA798302885861FC8480F396364A0A7147689BE5D4E3759C21F072913533009AB5538E5184D378A795549CD7183F3CEAE4DB226A4F20210C989FA64EA989DB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:ZJ!+S.
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.702819531114783
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:WrN0mpRATEn:WR0mpmY
                                                                                                                                                                      MD5:02B66246F9B66CF1B0B03137A0AEE35D
                                                                                                                                                                      SHA1:5F3EBC3600757004BA82A2ACBE95E33B30568730
                                                                                                                                                                      SHA-256:D532001334956A6C0727DBEC52CA70D2BFAB5F7C3170F52F5B7976786118F662
                                                                                                                                                                      SHA-512:DFD8016D9814EB0B734AB5800E9553C869FD0F23AC24FC7159B5C5781791AC80A7F14032700D5AC3955F5C21BCFB6D7CCD445628399F7732BB899CCCEBA44E39
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:b090d19f67e88aee33d5f7cb77be6ac9
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3
                                                                                                                                                                      Entropy (8bit):0.9182958340544896
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:yX:yX
                                                                                                                                                                      MD5:56BD7107802EBE56C6918992F0608EC6
                                                                                                                                                                      SHA1:EB35C321D6997C344882962B8AA1CD0939B123E1
                                                                                                                                                                      SHA-256:D9EB253E06987FA74A5D3189F73D9F7A8104CCA786FAFBB52BC9555972F5477F
                                                                                                                                                                      SHA-512:DB512F13C2FCED000DF9F7F09A8B54D9CA8EFCB2678BDDAC08326693725DCE9FB43094BDDCBC3539A7B857ED81A0263C540964F1E7AD273E21E0C4C9FE190983
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:err
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:International EBCDIC text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):7
                                                                                                                                                                      Entropy (8bit):2.8073549220576046
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:gn:g
                                                                                                                                                                      MD5:FBFD0EC034788C9DA99176A346DF7A18
                                                                                                                                                                      SHA1:7F94B926AA1228750C3D977E13E2BE01442EB83B
                                                                                                                                                                      SHA-256:FA781A00F4E8EDA79E53EBE61F2C02D3B32FD506022A2475CBB051048DDB306C
                                                                                                                                                                      SHA-512:1F2E22CEFB1637C4D8AF1F403405FC20D162B8575087EDEB339DEC9250612C1655896265194D70403FD3B39336A05890D38CF07D8E5475991A83FEE5C190547A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:^.|{ovn
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49
                                                                                                                                                                      Entropy (8bit):4.39482336430261
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:xMpzdHJOEA36J:my2
                                                                                                                                                                      MD5:CCBD933CA8EB9E51CB586B63BB7C2481
                                                                                                                                                                      SHA1:1E18556D875D53A5DDF4ADE550295D96B83966DA
                                                                                                                                                                      SHA-256:231B094800C88DCB7C740A97B38EBAA01DCA8BEEE97D222B36A020BA7F6DDEEA
                                                                                                                                                                      SHA-512:41F53C035F338A9A9739AD0E49C320AB476A4F1037805564C02D136DEE9D21868280F33E9CF34A05F6DC1A8298502C8A60F50B538D74779F809EC15950DC5421
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:U!!]k..L]] ]QL!P'P#f.^"".R_.U^_VZ^_V.LYT$ _R".R^X
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.4139097655573916
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:LO0BJRHhqNn:i0nRHhqNn
                                                                                                                                                                      MD5:F01949AD5DFC76F8B7D5B35FDFC58F44
                                                                                                                                                                      SHA1:163716A4ACBD4A3D39D24C2010F897DD8E89F9C3
                                                                                                                                                                      SHA-256:72A1013C1F535E47C200986DAD3A655EF5A70DE6445325CE3E8FD518FCDAD56B
                                                                                                                                                                      SHA-512:E347ADEC91498915F0B775A966CB4916E389325D2AE0AE2492F1E3F0A77C23BAAA9DA8901A42A25EA3F4EDF786382E790F3BC11D2D6852D83C30F78E96615537
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:2fbf7b271ad6b7aab9e96822149af897
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.5192475629608073
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:lDYXWjyXEHn:Z6Wbn
                                                                                                                                                                      MD5:3CE29BA1D17C2CE1A794D41B5D8F5CDB
                                                                                                                                                                      SHA1:1849640291EA6F9F9B172D5814520FBB88144440
                                                                                                                                                                      SHA-256:70F7CA29806F93AC9D54BFEBAAC6670A78F95B1C68CA4FE6D0D1AFCABFE083EF
                                                                                                                                                                      SHA-512:C0B306F097C593DF798916CC3293E689FA2D268DE329222CD1AA0D16B46497C2FF03F092E7F2C115559995868559AF361D18D6E554E4EE4231E68080EA0E9701
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:73f846a1652238496e372aa78aab254b
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with no line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32
                                                                                                                                                                      Entropy (8bit):3.5550365325772653
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:hBhYUJ0dqI:XhBJ0dqI
                                                                                                                                                                      MD5:87D7B82129EDF89D7DA2DD7A586D19CD
                                                                                                                                                                      SHA1:76BED8BFAA0C2ED762AF1C599A233191A3FC2A29
                                                                                                                                                                      SHA-256:37E02378A2A6684ADAA251ADD78E1CD7ACCDC610FBE0E53FA69BAD505482B4B5
                                                                                                                                                                      SHA-512:69A8DB0C3A458F0150FC65820813CFC795D8310CCCA6E47F0CC9B298EF06102B12A4D69C50FCD7CEA52E9594C770105974BFAF9CB01B69FAFA5559F8A568FC2E
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:ead3d4cba62cad943dca9fa88139d258
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):31392
                                                                                                                                                                      Entropy (8bit):7.0257306588528055
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:/0A2poIjvYmp2y/pNhKNyH1Mn8E9VFDPxlNMIYiBpxePxh8E9VF0Ny+Bu:USWYSxNhzM8EJPxxYi3kPxWEEw
                                                                                                                                                                      MD5:53E56314DCAA09A91CAEC8DCD4A8E85D
                                                                                                                                                                      SHA1:ED4B9BD0D80BA2DD264C6E1A1D26D395C5A87795
                                                                                                                                                                      SHA-256:12A1D6C80C2E4D39F13D429630CD15696F7690819CF3B946DD6A07B150FAE8FD
                                                                                                                                                                      SHA-512:684830A9F53119BE989821D6347E9518CF29EA21D94A4DE5FFAD2DEEA2FC94625CFCA76D0A0B95BBD2B5816449D37A00369966F27066D73B9A99DF60EA80D678
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):301504
                                                                                                                                                                      Entropy (8bit):6.49043668203017
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:remIWncUsq/i4vo6cRwtf/STC47MSzISIJTc6TDVO:ajccjai4vo6cRb+4QScSI7E
                                                                                                                                                                      MD5:4410900FB42EE1291627427BB9C7F3FB
                                                                                                                                                                      SHA1:F25009F1DA682D56548B8621BADCDD99DC1C4414
                                                                                                                                                                      SHA-256:19726ED6B075FB56BF5C5260766411AA7BB1C39F43476A9712C90306E2CBEF9B
                                                                                                                                                                      SHA-512:F315D6BD50AB20D6420BB9B0123EDF069A6442049F16A72615232AABCC371576EFCCF000074AAACC3FBB370B04B09F63735F80201918E35D5CF7B24C438214E1
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):91584
                                                                                                                                                                      Entropy (8bit):6.918973229700604
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:Yue8cAbT3KO9ZTRgyI/0DseAAPMD6eJPOvuk1Vx8sDmIOQIOm5AbwPvB7XYxc:k8p6O9ZFtDskMD7Ouk1Vx1DEGmcwPvBJ
                                                                                                                                                                      MD5:7A85BCF3BA2CDB70FFD7C67E8FD079EF
                                                                                                                                                                      SHA1:50688A161D30C9095CFA8B7419E04FBE9D90B47C
                                                                                                                                                                      SHA-256:6AC5061543C831D0A554AC1A872FA5D7A045DC5FCDCCDE99B5898D695ADAF4AE
                                                                                                                                                                      SHA-512:8841341C7E59E37D60E04B570D768408E776B62F71FDFF369DD4904DB83FC4B0494215AC65E94682D60009556B9F55E038B9A9462ED6396865AF4B322F0390EA
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 936, Revision Number: {FF04FCEE-D135-4246-945D-4A9D97099E64}, Number of Words: 0, Subject: Windows, Author: GbLXGXDAPUOD, Name of Creating Application: Windows, Template: ;2052, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3592192
                                                                                                                                                                      Entropy (8bit):6.5363078562423516
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:vfplGFAvHZXm1+akq2+cZfsZlA0OO62wOR4UkrfH1OrEMBZX26PH2ca7G/uaJEi2:pkFALq3pOwkP2uayisdSHis
                                                                                                                                                                      MD5:ED11B37D4C599EBFCB24123B6F35648D
                                                                                                                                                                      SHA1:01517B47E325ACFFFB38532D7E0CB152D0667952
                                                                                                                                                                      SHA-256:F68D10ADAB342777B36CE77B064952C1D0E5309B070D1D51DED7AAE092AA5432
                                                                                                                                                                      SHA-512:67280F74E10C05166735EEE0B1CB2A44A3083E7E5E3800B410C43349A22DBBCD99BDBE9E9E477FEA5EBA97E80B4D35DF473E88881728466EC3F79A43C2F83221
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563656
                                                                                                                                                                      Entropy (8bit):6.432700089523593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                                                                                      MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                                                                                      SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                                                                                      SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                                                                                      SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563656
                                                                                                                                                                      Entropy (8bit):6.432700089523593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                                                                                      MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                                                                                      SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                                                                                      SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                                                                                      SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):823240
                                                                                                                                                                      Entropy (8bit):6.404576447300874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:rTaRpuaJXUUxsdScfjP3UtMMnNfXnUCCAs0+D:rG/uaJEisdScfbUiANfXnUCCAs0+D
                                                                                                                                                                      MD5:2E25B7DC66FC65D92C998D6FB1D09EF6
                                                                                                                                                                      SHA1:719CC9C0BBE12F040E169984851E3ABEA03D9CF8
                                                                                                                                                                      SHA-256:A01FB6763B11BA0CBF9B26FC8D45E933C2A6AD313BC9B12ED41AC67BAF2AA8C2
                                                                                                                                                                      SHA-512:7D4AF029A01CE60FC0787599C031C0DBFF7069311832A5587F003EA68EF739B22C8B01832E00801B0D17C12983C4D0E7877CDE58DE371886CFB6BE5B490F4C33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):563656
                                                                                                                                                                      Entropy (8bit):6.432700089523593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:Z0WKoDOO80Gw0Oy13zcbs7B1OLmxcSFEq7agKR7T+cgAOVSxZR4dwXsZo:ZfK+KdnOq1jEqmR+ZKZoCsZo
                                                                                                                                                                      MD5:0DD1F1FF906C4D1FC7AD962E994CAD7F
                                                                                                                                                                      SHA1:4D1549CF7EF6A63BAF83280143D7797D4DF4FA2D
                                                                                                                                                                      SHA-256:140F578569ADBF831F87275091AF9CA200ED8B2453CBE729A0249B9B6F6B4588
                                                                                                                                                                      SHA-512:8D5622BB299BF6BEBF3EAA266A9FCBBC953A729E9D9CA20F8F358D7A14599D0A017FEEF58AA8D3AADC075C6211478BBAC2D38E38E36E34096D4DCEB51FFD00CB
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):648136
                                                                                                                                                                      Entropy (8bit):6.449062813580053
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:kEvIkrf4bxnJAN9Wk9BR3NUBNoACiSsmqJBoQZXm1+g:keIgMyR3iyACyHZXm1+g
                                                                                                                                                                      MD5:9B4B4EA6509E4DB1E2A8F09A7C6F8F04
                                                                                                                                                                      SHA1:512880ABE3C9696EDB042599BD199F1D05210AA2
                                                                                                                                                                      SHA-256:3774C31039CB87ED0327F49A00ABD7B4211AC938A46378B8661CD5D8B3B34F94
                                                                                                                                                                      SHA-512:63B4788A3AD000C08582F55532DC06BF88BC4111837A63E8157E0F5F668225F46758F9481B6E526A5A813F4F0CC9BE65FB4107D2135C61083274592AF03BA608
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):823240
                                                                                                                                                                      Entropy (8bit):6.404576447300874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:rTaRpuaJXUUxsdScfjP3UtMMnNfXnUCCAs0+D:rG/uaJEisdScfbUiANfXnUCCAs0+D
                                                                                                                                                                      MD5:2E25B7DC66FC65D92C998D6FB1D09EF6
                                                                                                                                                                      SHA1:719CC9C0BBE12F040E169984851E3ABEA03D9CF8
                                                                                                                                                                      SHA-256:A01FB6763B11BA0CBF9B26FC8D45E933C2A6AD313BC9B12ED41AC67BAF2AA8C2
                                                                                                                                                                      SHA-512:7D4AF029A01CE60FC0787599C031C0DBFF7069311832A5587F003EA68EF739B22C8B01832E00801B0D17C12983C4D0E7877CDE58DE371886CFB6BE5B490F4C33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):823240
                                                                                                                                                                      Entropy (8bit):6.404576447300874
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:24576:rTaRpuaJXUUxsdScfjP3UtMMnNfXnUCCAs0+D:rG/uaJEisdScfbUiANfXnUCCAs0+D
                                                                                                                                                                      MD5:2E25B7DC66FC65D92C998D6FB1D09EF6
                                                                                                                                                                      SHA1:719CC9C0BBE12F040E169984851E3ABEA03D9CF8
                                                                                                                                                                      SHA-256:A01FB6763B11BA0CBF9B26FC8D45E933C2A6AD313BC9B12ED41AC67BAF2AA8C2
                                                                                                                                                                      SHA-512:7D4AF029A01CE60FC0787599C031C0DBFF7069311832A5587F003EA68EF739B22C8B01832E00801B0D17C12983C4D0E7877CDE58DE371886CFB6BE5B490F4C33
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):231013
                                                                                                                                                                      Entropy (8bit):6.70713681401947
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:8QpCR8JziNnrQnzMYywmn3h1sp7/WvCnIukR4BbxKigu/fgl1glfdjgBftJeCEEJ:87RuGQnzXtr7tbxKVuE1gQJeCEMx4A
                                                                                                                                                                      MD5:03279C1E2723894301DC268362FDC04A
                                                                                                                                                                      SHA1:AAFA9967CDA46072C4B27914CCDACEF99FC79002
                                                                                                                                                                      SHA-256:111A8755EB1FF0A44211C2A24C52CEF2563979A1DEC97BEA77A31E8108C2CA8D
                                                                                                                                                                      SHA-512:DBE6D1BF3C44BB16244B093372C54312149A97DCB60E803F8D2AEA6D4027815CED36E0AD61B321CD03F85A810D020397724683215E4284E40A3AA5879ACEEB5D
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:...@IXOS.@.....@...Y.@.....@.....@.....@.....@.....@......&.{AF084EDE-DB6F-45F9-8AB2-9750C7AF5081}..Windows..DAN_127.msi.@.....@.....@.....@........&.{FF04FCEE-D135-4246-945D-4A9D97099E64}.....@.....@.....@.....@.......@.....@.....@.......@......Windows......Rollback..ck(W.V.n.d\O:.....RollbackCleanup..ck(W Rd..Y.N.e.N...e.N:. .[.1.]....@.......@........ProcessComponents..ck(W.f.e.~.N.l.Qh....@>....@.....@.]....&.{0BDD925F-9555-4E0F-A320-9E414AC18B7C}d.02:\Software\Caphyon\Advanced Installer\LZMA\{AF084EDE-DB6F-45F9-8AB2-9750C7AF5081}\1.1.6\AI_ExePath.@.......@.....@.....@......&.{FEAD2C16-C7B0-493E-B979-1B01A169ADEA}M.02:\Software\GbLXGXDAPUOD\{AF084EDE-DB6F-45F9-8AB2-9750C7AF5081}\AI_IA_ENABLE.@.......@.....@.....@......&.{EC42FCB1-8AAF-4702-9E48-B83254BD3FB0}+.C:\Program Files (x86)\BtDDIFUEHLCR\Gme.dll.@.......@.....@.....@......&.{BDAF5FA3-1BA6-42D1-894D-41DA643F7A2B}..C:\Program Files (x86)\BtDDIFUEHLCR\GmeApi.dll.@.......@.....@.....@......&.{25BC8264-C934-445D-B75A-54A198CB23F0
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):39424
                                                                                                                                                                      Entropy (8bit):5.750662778266912
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:95235sQR6i6oI6rHjdbWqmQB5hw2l5HYsakk7BKfEDHIanumzKO732M/foo9d2:32mQV63qjh/pokkkfEDznzFhfoo72
                                                                                                                                                                      MD5:65786F45F119E213FCCF15B070944F96
                                                                                                                                                                      SHA1:F3F4CB3286E36E4908211CC940256F962DDD0836
                                                                                                                                                                      SHA-256:C3E569DD4A0A7E19BE1A8F523C16790BA87CB68755F5EB6295A834F40010FF3C
                                                                                                                                                                      SHA-512:8C52A1FA91D7F7111F94C83AA0719B365F16B9CE0465C038F4891232917D6E4346983898D087EBA0FFF3A7E09C01A4DAE405F0F42D5B2B291FD4FBA509B13431
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:modified
                                                                                                                                                                      Size (bytes):175328
                                                                                                                                                                      Entropy (8bit):6.879935553739908
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:jnrQnzMYywmn3h1sp7/WvCnIukR4BbxKigu/fgl1glfdjgBftJeCEEzx4N7mcr5:XQnzXtr7tbxKVuE1gQJeCEMx4p
                                                                                                                                                                      MD5:BE4ED0D3AA0B2573927A046620106B13
                                                                                                                                                                      SHA1:0B81544CD5E66A36D90A033F60A0ECE1CD3506A8
                                                                                                                                                                      SHA-256:79BF3258E03FD1ACB395DC184FBE5496DFA4B3D6A3F9F4598C5DF13422CC600D
                                                                                                                                                                      SHA-512:BD4E0447C47EEA3D457B4C0E8264C1A315EE796CF29E721E9E6B7AB396802E3CCC633488F8BEEB8D2CF42A300367F76DEDDA74174C0B687FB8A328D197132753
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24576
                                                                                                                                                                      Entropy (8bit):2.6929408078659773
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:t7j8NEt4Igt8npXY/dAc7zOiIQ4ew2ATOzcAgOT9lnn9:t7jdPgtOXydAWCQsi4AgOTn9
                                                                                                                                                                      MD5:7F42A7E10F52D4B547C6C03ACFF633CC
                                                                                                                                                                      SHA1:C1E19EC9CD7B6916A5D284C7BE4F643084BB4FA9
                                                                                                                                                                      SHA-256:E773537AF31308E517F4CE39526B32287E6A374A16347CA3B7E99DECB4A04077
                                                                                                                                                                      SHA-512:50313A90FE28FFD4DDC063296670D9E34ABB0365ADCD5BDF7BD38B05577ACBFE59E5B877B7E7CBD4845C92A3CD60299D29729EAF6EE78621E777BB64C6C38C3A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24576
                                                                                                                                                                      Entropy (8bit):1.9049135240668766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:n8PhmuRc06WXJkjT5JdRh6IdIbQqWSkd3EbQqV/ZuHxPDSrGoaD8xYzIoJxL7xBb:mhm1njTzh6EDlnmYeGo75FhfBu
                                                                                                                                                                      MD5:E273D8A5D29273A596F40F16B8720C60
                                                                                                                                                                      SHA1:C4EB13EEA4800C2953A3CC104BD4838F690C11FF
                                                                                                                                                                      SHA-256:0862C754A13D861A9E623653B0327E5BD12142287A5482F276F27FE1CEDF0DEF
                                                                                                                                                                      SHA-512:572D01DB0B844668257CE0523AE457798954F2124E5B1AB864E490CC9E23B41BD1EAB99E464F8BA52E0D63AA263CE882AF335EFDF8B9FD2D50B0A84E7B74038C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):54272
                                                                                                                                                                      Entropy (8bit):5.9384613835931574
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:T5nyDYFbaVtmFD5JOCQOeh5v+RZD2IddL71uh8IvIFkkKfED4n633e7G:Pbm4HOCQf5veJvddH1itvuk363j
                                                                                                                                                                      MD5:8457F75FAD437B77A9370FE0C9C85B0F
                                                                                                                                                                      SHA1:1BCCE800388EB133676F47C9B0EAFC638F808D89
                                                                                                                                                                      SHA-256:49B707EC02F014298BF0F6B8698A8D4A78A6465B3905158C9592C20383758775
                                                                                                                                                                      SHA-512:1D2F8DCEDA36D60F71FA5F0A2F1F1ABC819E31EDFBFFB696FFE254D683E75F95C4C6E18DB4CC208326D38A4C2E87C44D6983C7D9DC15EDCFF0050263F39F90E5
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):432221
                                                                                                                                                                      Entropy (8bit):5.375163353050211
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau/:zTtbmkExhMJCIpErm
                                                                                                                                                                      MD5:B4AEFB83CA7079B2E08354E594976794
                                                                                                                                                                      SHA1:FB83D3E2ACC6074F3A32B262DD7EA497489867C8
                                                                                                                                                                      SHA-256:EEDFB67C485D4CFC2808E2FE7A6E86583516BE4ADFEC2EC81EDFC449B924B23B
                                                                                                                                                                      SHA-512:F9C8D6CE1C6883EA6F1FC1AE7FD2CF8743E073D41BC81DECE295F65BC80E36CD122B35EB494F692FCE1443977C9E2512FCB74FAA65EED227E0BEFA975CD9E908
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):49152
                                                                                                                                                                      Entropy (8bit):1.2448724786360919
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:6TuuyI+CFXJ/T55UVyBdRh6IdIbQqWSkd3EbQqV/ZuHxPDSrGoaD8xYzIoJxL7xt:QuOnT38Eh6EDlnmYeGo75FhfBu
                                                                                                                                                                      MD5:AF45648EC411E9C21921D12753C81BF6
                                                                                                                                                                      SHA1:D23F09DD200B8114B61A0EE783553FCCD7120C3F
                                                                                                                                                                      SHA-256:DA12153B7937723EB176C4792104F7448738348CBDE27175B53D94F7FC28AA99
                                                                                                                                                                      SHA-512:5956694D59585EA416906E1532DB78157010351EBE3C23A65A374DF5A70A04B1739CBC1296DD0734C57A4A7A0EC606961F9A79E9BC249DACC42A08FB3185BD42
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):73728
                                                                                                                                                                      Entropy (8bit):0.3334445336519559
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:oiuCT4dJSkdOdIbQqWSkd3EbQqV/ZuHxPDSrGoaD8xYzIoJxL7xBxqxtpwxbxEor:huN4DlnmYeGo75Fh5sh
                                                                                                                                                                      MD5:61FC2EEEC688A0B087D30378A96F2BA1
                                                                                                                                                                      SHA1:95F719F064B2E0C4021E2CAF35A3A47513A43280
                                                                                                                                                                      SHA-256:2A6DE97759C7195D899656E43CDBD7273980BC7BE2B27AB1CF3D0FB875D1851A
                                                                                                                                                                      SHA-512:BC982DA6D7FED5D08AA896EAA9DB858D1DEEBC150895454BB7FECCF0214527C93CC4206D81D36C49CDF956F28D9EE2FDE14290945FCE3E59CE009CBB2AA29D00
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24576
                                                                                                                                                                      Entropy (8bit):1.9049135240668766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:n8PhmuRc06WXJkjT5JdRh6IdIbQqWSkd3EbQqV/ZuHxPDSrGoaD8xYzIoJxL7xBb:mhm1njTzh6EDlnmYeGo75FhfBu
                                                                                                                                                                      MD5:E273D8A5D29273A596F40F16B8720C60
                                                                                                                                                                      SHA1:C4EB13EEA4800C2953A3CC104BD4838F690C11FF
                                                                                                                                                                      SHA-256:0862C754A13D861A9E623653B0327E5BD12142287A5482F276F27FE1CEDF0DEF
                                                                                                                                                                      SHA-512:572D01DB0B844668257CE0523AE457798954F2124E5B1AB864E490CC9E23B41BD1EAB99E464F8BA52E0D63AA263CE882AF335EFDF8B9FD2D50B0A84E7B74038C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32768
                                                                                                                                                                      Entropy (8bit):1.4129505329124208
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:D9lnn9saWt4Igt8npXY/dAc7zOiIQ4ew2ATOzcAg:Dn9saWPgtOXydAWCQsi4Ag
                                                                                                                                                                      MD5:1867BFBF3EEF69E2C296DBDF0CE2AD1A
                                                                                                                                                                      SHA1:AD9FE827BE240151DA152B0398F429E4749C2992
                                                                                                                                                                      SHA-256:AEC0E1E3361EC97F4CA1F0C7040F969A9359E1C3D62F538552CB2ECB2BA042AA
                                                                                                                                                                      SHA-512:1CE79A7E7A796AB9A58710A20F38F94CE629600B6464290F4EB7B0E1D20891355482536DFBD8D42E6F04CCAB4703F3AC8EBC6B8E95AA10FFF68928AB2E6EE51B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):24576
                                                                                                                                                                      Entropy (8bit):1.9049135240668766
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:48:n8PhmuRc06WXJkjT5JdRh6IdIbQqWSkd3EbQqV/ZuHxPDSrGoaD8xYzIoJxL7xBb:mhm1njTzh6EDlnmYeGo75FhfBu
                                                                                                                                                                      MD5:E273D8A5D29273A596F40F16B8720C60
                                                                                                                                                                      SHA1:C4EB13EEA4800C2953A3CC104BD4838F690C11FF
                                                                                                                                                                      SHA-256:0862C754A13D861A9E623653B0327E5BD12142287A5482F276F27FE1CEDF0DEF
                                                                                                                                                                      SHA-512:572D01DB0B844668257CE0523AE457798954F2124E5B1AB864E490CC9E23B41BD1EAB99E464F8BA52E0D63AA263CE882AF335EFDF8B9FD2D50B0A84E7B74038C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):512
                                                                                                                                                                      Entropy (8bit):0.0
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3::
                                                                                                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF, CR line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):531
                                                                                                                                                                      Entropy (8bit):5.1702114964045895
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12:pporCVZcRwNqppyT5Vv0oRVv05swBsviJAIkzLGNVs:ppH4wNqpoT5VMiVM5NBsviJAIzPs
                                                                                                                                                                      MD5:4C0FA081402AB69E78EEB4935FAA916A
                                                                                                                                                                      SHA1:58DA588BA94082C883A5428E237B5D12A13A9149
                                                                                                                                                                      SHA-256:BDDE5474CECBABAC036183E5EBA57617112ECE39F88A027BC0C5B3D959F5F6B6
                                                                                                                                                                      SHA-512:EA236EEFB246E1426C513C1904547736951403931BAD6396C509933449C227C775CB4F3EDD94D1658B3D6101C325BB9F7A16313A6BAE9485B06739DEC854A9C7
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:..7-Zip 22.01 (x86) : Copyright (c) 1999-2022 Igor Pavlov : 2022-07-15....Scanning the drive for archives:.. 0M Scan C:\Program Files (x86)\BtDDIFUEHLCR\. .1 file, 204 bytes (1 KiB)....Extracting archive: C:\Program Files (x86)\BtDDIFUEHLCR\TMGJRLDUDWLQ.FCU..--..Path = C:\Program Files (x86)\BtDDIFUEHLCR\TMGJRLDUDWLQ.FCU..Type = 7z..Physical Size = 204..Headers Size = 204..Solid = -..Blocks = 0.... 0%. .Everything is Ok....Folders: 2..Files: 1..Size: 0..Compressed: 204..
                                                                                                                                                                      Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      File Type:data
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64
                                                                                                                                                                      Entropy (8bit):3.638813206984032
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3:qPl9I2Y1Anv9lElLn:qPgGULn
                                                                                                                                                                      MD5:5EF484A226B657815969D39416143D3F
                                                                                                                                                                      SHA1:B9AB1FB05917899EBF4823E8A1B635CEF30EF031
                                                                                                                                                                      SHA-256:A9FF6728B6306AB7D897203EEE230ADF955827B872CD8B7BAE24BDFBBECC779B
                                                                                                                                                                      SHA-512:8E8CA6B327AEBFCF374B50E81C35BE8705B5C6D80AB351D5762E23EECEDFB289346F4AD414147A4AC7D7EF5B333F9C477BEC97A63361566A22D86375C2A86D2C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:....1.7.2.8.9.2.....\MAILSLOT\NET\GETDCAF549ED9.................
                                                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                      Entropy (8bit):7.94391938958448
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      File size:28'924'664 bytes
                                                                                                                                                                      MD5:0be92f00cc946557bbf1dec87b708224
                                                                                                                                                                      SHA1:26dfe06acdb876d3b14535eefd8ede889c1822d4
                                                                                                                                                                      SHA256:b13e900d876cc76cd8cb649f56ae984ddb488c97e5b383bc34524e3fec0b7daf
                                                                                                                                                                      SHA512:48bbb180a22d07e16cd81c60912f61df8c2201d4980cf88e60f0fceebf658d237f27b5451b36d10ffd28ed4b00b8101c3413e87dd8b501b1e71b683995e4f29d
                                                                                                                                                                      SSDEEP:786432:KLeiwSDpPv8A4qvhv4iPEFN2rUJeiNltZkPPWlih3fWOswdRD:KKiJPv8AbEPTRNltyPPWMd9swZ
                                                                                                                                                                      TLSH:8D572220764AC42BC66705F11A2CAADF512CAF660B7164D773CC2E6E0BB95C21737E27
                                                                                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w._.3.1.3.1.3.1...2.>.1...4...1...7.2.1.S.5. .1.S.2.+.1.Q.4.0.1.S.4.V.1...5.).1...0.0.1...6.2.1.3.0...1.W.8.~.1.W...2.1.3...2.1
                                                                                                                                                                      Icon Hash:0000000000000000
                                                                                                                                                                      Entrypoint:0x5b51a4
                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                      Time Stamp:0x62E7A72C [Mon Aug 1 10:13:00 2022 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                      File Version Major:6
                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                      Import Hash:d23703a6f12b30c40e0b3bc256b113cd
                                                                                                                                                                      Signature Valid:false
                                                                                                                                                                      Signature Issuer:CN=load.to, O=rushbee.com, C=BE
                                                                                                                                                                      Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                      Error Number:-2146762487
                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                      • 13/12/2024 22:49:35 11/12/2033 22:49:35
                                                                                                                                                                      Subject Chain
                                                                                                                                                                      • CN=load.to, O=rushbee.com, C=BE
                                                                                                                                                                      Version:1
                                                                                                                                                                      Thumbprint MD5:D094D151DAD09D40E73E094BD8192BEA
                                                                                                                                                                      Thumbprint SHA-1:1BB8A19F7AB55E68D2D62F22200C2B7FE1ECA0AC
                                                                                                                                                                      Thumbprint SHA-256:D2A184C7661E1B5BB6550A25660F0D91F2941183255F3158AE7D9C73ED3DCD31
                                                                                                                                                                      Serial:01
                                                                                                                                                                      Instruction
                                                                                                                                                                      call 00007F20D4D609EFh
                                                                                                                                                                      jmp 00007F20D4D6022Fh
                                                                                                                                                                      mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                      mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                      pop ecx
                                                                                                                                                                      pop edi
                                                                                                                                                                      pop edi
                                                                                                                                                                      pop esi
                                                                                                                                                                      pop ebx
                                                                                                                                                                      mov esp, ebp
                                                                                                                                                                      pop ebp
                                                                                                                                                                      push ecx
                                                                                                                                                                      ret
                                                                                                                                                                      mov ecx, dword ptr [ebp-10h]
                                                                                                                                                                      xor ecx, ebp
                                                                                                                                                                      call 00007F20D4D5F883h
                                                                                                                                                                      jmp 00007F20D4D60392h
                                                                                                                                                                      push eax
                                                                                                                                                                      push dword ptr fs:[00000000h]
                                                                                                                                                                      lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                      sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                      push ebx
                                                                                                                                                                      push esi
                                                                                                                                                                      push edi
                                                                                                                                                                      mov dword ptr [eax], ebp
                                                                                                                                                                      mov ebp, eax
                                                                                                                                                                      mov eax, dword ptr [006C1024h]
                                                                                                                                                                      xor eax, ebp
                                                                                                                                                                      push eax
                                                                                                                                                                      push dword ptr [ebp-04h]
                                                                                                                                                                      mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                      mov dword ptr fs:[00000000h], eax
                                                                                                                                                                      ret
                                                                                                                                                                      push eax
                                                                                                                                                                      push dword ptr fs:[00000000h]
                                                                                                                                                                      lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                      sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                      push ebx
                                                                                                                                                                      push esi
                                                                                                                                                                      push edi
                                                                                                                                                                      mov dword ptr [eax], ebp
                                                                                                                                                                      mov ebp, eax
                                                                                                                                                                      mov eax, dword ptr [006C1024h]
                                                                                                                                                                      xor eax, ebp
                                                                                                                                                                      push eax
                                                                                                                                                                      mov dword ptr [ebp-10h], eax
                                                                                                                                                                      push dword ptr [ebp-04h]
                                                                                                                                                                      mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                      mov dword ptr fs:[00000000h], eax
                                                                                                                                                                      ret
                                                                                                                                                                      push eax
                                                                                                                                                                      push dword ptr fs:[00000000h]
                                                                                                                                                                      lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                      sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                      push ebx
                                                                                                                                                                      push esi
                                                                                                                                                                      push edi
                                                                                                                                                                      mov dword ptr [eax], ebp
                                                                                                                                                                      mov ebp, eax
                                                                                                                                                                      mov eax, dword ptr [006C1024h]
                                                                                                                                                                      xor eax, ebp
                                                                                                                                                                      push eax
                                                                                                                                                                      mov dword ptr [ebp-10h], esp
                                                                                                                                                                      push dword ptr [ebp-04h]
                                                                                                                                                                      mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                      lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                      mov dword ptr fs:[00000000h], eax
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bf5ec | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2ca000 | 0x24d00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1b91cd8 | 0x3e20 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2ef000 | 0x26810 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x267c58 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x267d00 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x23afa8 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x239000 | 0x2cc | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bc998 | 0x260 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x237b1f | 0x237c00 | 80bc8be932e0885c43ae89685b4f2cae | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x239000 | 0x8762c | 0x87800 | 1b8aa1b2bf5ab81c2f62c8876d237202 | False | 0.31338827548431736 | data | 4.6063411973791215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2c1000 | 0x8d24 | 0x6c00 | f1f3d5b17e9c25a2a0e0871309677fc7 | False | 0.14344618055555555 | PGP symmetric key encrypted data - Plaintext or unencrypted data salted & iterated - | 2.9234755461718365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x2ca000 | 0x24d00 | 0x24e00 | 4968e488d4d51bc7729d91aec637d7e1 | False | 0.14067134533898304 | data | 5.370139786397373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x2ef000 | 0x26810 | 0x26a00 | 4f1c0c554ffb6b898804c47a1b2ac00b | False | 0.4470507180420712 | data | 6.513793248957895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| IMAGE_FILE | 0x2cac70 | 0x6 | ISO-8859 text, with no line terminators | Chinese | China | 2.1666666666666665 |
| IMAGE_FILE | 0x2cac78 | 0x6 | ISO-8859 text, with no line terminators | Chinese | China | 2.1666666666666665 |
| RTF_FILE | 0x2cac80 | 0xa1 | Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033 | Chinese | China | 0.906832298136646 |
| RTF_FILE | 0x2cad24 | 0x4b9 | Rich Text Format data, version 1, ANSI, code page 1252 | Chinese | China | 0.35814722911497104 |
| RT_BITMAP | 0x2cb1e0 | 0x13e | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 5 important colors | English | United States | 0.25471698113207547 |
| RT_BITMAP | 0x2cb320 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.03017241379310345 |
| RT_BITMAP | 0x2cbb48 | 0x48a8 | Device independent bitmap graphic, 290 x 16 x 32, image size 0 | English | United States | 0.11881720430107527 |
| RT_BITMAP | 0x2d03f0 | 0xa6a | Device independent bitmap graphic, 320 x 16 x 4, image size 2562, resolution 2834 x 2834 px/m | English | United States | 0.21680420105026257 |
| RT_BITMAP | 0x2d0e5c | 0x152 | Device independent bitmap graphic, 32 x 16 x 4, image size 258, resolution 2834 x 2834 px/m, 10 important colors | English | United States | 0.5295857988165681 |
| RT_BITMAP | 0x2d0fb0 | 0x828 | Device independent bitmap graphic, 32 x 16 x 32, image size 0 | English | United States | 0.4875478927203065 |
| RT_ICON | 0x2d17d8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4264 | Chinese | China | 0.027204502814258912 |
| RT_ICON | 0x2d2880 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.08703319502074688 |
| RT_ICON | 0x2d4e28 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.16463414634146342 |
| RT_ICON | 0x2d5ed0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Chinese | China | 0.18565573770491803 |
| RT_ICON | 0x2d6858 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.3262411347517731 |
| RT_MENU | 0x2d6cc0 | 0x32 | data | Chinese | China | 1.1 |
| RT_MENU | 0x2d6cf4 | 0x1c | data | Chinese | China | 1.2142857142857142 |
| RT_DIALOG | 0x2d6d10 | 0x98 | data | Chinese | China | 0.75 |
| RT_DIALOG | 0x2d6da8 | 0x1a2 | data | Chinese | China | 0.6507177033492823 |
| RT_DIALOG | 0x2d6f4c | 0x2ac | data | Chinese | China | 0.5277777777777778 |
| RT_DIALOG | 0x2d71f8 | 0xa0 | data | Chinese | China | 0.775 |
| RT_DIALOG | 0x2d7298 | 0x148 | data | Chinese | China | 0.75 |
| RT_DIALOG | 0x2d73e0 | 0x178 | data | Chinese | China | 0.6675531914893617 |
| RT_DIALOG | 0x2d7558 | 0xc4 | data | Chinese | China | 0.6938775510204082 |
| RT_DIALOG | 0x2d761c | 0x104 | data | Chinese | China | 0.6615384615384615 |
| RT_DIALOG | 0x2d7720 | 0x140 | data | Chinese | China | 0.63125 |
| RT_DIALOG | 0x2d7860 | 0x214 | data | Chinese | China | 0.650375939849624 |
| RT_DIALOG | 0x2d7a74 | 0x16c | data | Chinese | China | 0.5714285714285714 |
| RT_DIALOG | 0x2d7be0 | 0x104 | data | Chinese | China | 0.6307692307692307 |
| RT_DIALOG | 0x2d7ce4 | 0x4c | data | English | United States | 0.8289473684210527 |
| RT_STRING | 0x2d7d30 | 0x204 | data | Chinese | China | 0.6608527131782945 |
| RT_STRING | 0x2d7f34 | 0x1bc | data | Chinese | China | 0.6261261261261262 |
| RT_STRING | 0x2d80f0 | 0x158 | data | Chinese | China | 0.7238372093023255 |
| RT_STRING | 0x2d8248 | 0x222 | data | Chinese | China | 0.5622710622710623 |
| RT_STRING | 0x2d846c | 0x1fc | data | Chinese | China | 0.6948818897637795 |
| RT_STRING | 0x2d8668 | 0x3ee | data | Chinese | China | 0.510934393638171 |
| RT_STRING | 0x2d8a58 | 0x3c6 | data | Chinese | China | 0.4927536231884058 |
| RT_STRING | 0x2d8e20 | 0xa2 | data | Chinese | China | 0.8765432098765432 |
| RT_STRING | 0x2d8ec4 | 0x1f8 | data | Chinese | China | 0.7916666666666666 |
| RT_STRING | 0x2d90bc | 0x11e | data | Chinese | China | 0.6048951048951049 |
| RT_STRING | 0x2d91dc | 0x18a | data | English | United States | 0.5228426395939086 |
| RT_STRING | 0x2d9368 | 0x216 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.46254681647940077 |
| RT_STRING | 0x2d9580 | 0x624 | data | English | United States | 0.3575063613231552 |
| RT_STRING | 0x2d9ba4 | 0x660 | data | English | United States | 0.3474264705882353 |
| RT_STRING | 0x2da204 | 0x2e2 | data | English | United States | 0.4037940379403794 |
| RT_GROUP_ICON | 0x2da4e8 | 0x14 | data | Chinese | China | 1.1 |
| RT_VERSION | 0x2da4fc | 0x118 | PDP-11 overlaid pure executable not stripped | Chinese | China | 0.6214285714285714 |
| RT_HTML | 0x2da614 | 0x3835 | ASCII text, with very long lines (443), with CRLF line terminators | English | United States | 0.08298005420807561 |
| RT_HTML | 0x2dde4c | 0x1316 | ASCII text, with CRLF line terminators | English | United States | 0.18399508800654932 |
| RT_HTML | 0x2df164 | 0x52b | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.36281179138321995 |
| RT_HTML | 0x2df690 | 0x6acd | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10679931238798873 |
| RT_HTML | 0x2e6160 | 0x6a2 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.3486454652532391 |
| RT_HTML | 0x2e6804 | 0x104a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.2170263788968825 |
| RT_HTML | 0x2e7850 | 0x15b1 | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.17612101566720692 |
| RT_HTML | 0x2e8e04 | 0x205c | exported SGML document, ASCII text, with very long lines (659), with CRLF line terminators | English | United States | 0.13604538870111058 |
| RT_HTML | 0x2eae60 | 0x368d | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.10834228428213391 |
| RT_MANIFEST | 0x2ee4f0 | 0x80f | XML 1.0 document, ASCII text, with CRLF, LF line terminators | Chinese | China | 0.40814348036839554 |
| DLL | Import |
| --- | --- |
| KERNEL32.dll | CreateFileW, CloseHandle, WriteFile, DeleteFileW, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, CreateEventExW, WaitForSingleObject, SetEvent, RemoveDirectoryW, GetTempPathW, GetTempFileNameW, CreateDirectoryW, MoveFileW, GetLastError, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, RaiseException, SetLastError, GlobalUnlock, GlobalLock, GlobalAlloc, MulDiv, lstrcmpW, CreateEventW, FindClose, FindFirstFileW, GetFullPathNameW, InitializeCriticalSection, lstrcpynW, CreateThread, GetProcAddress, LoadLibraryExW, GetCurrentProcess, Sleep, WideCharToMultiByte, GetDiskFreeSpaceExW, DecodePointer, GetExitCodeThread, GetCurrentProcessId, FreeLibrary, GetSystemDirectoryW, lstrlenW, VerifyVersionInfoW, VerSetConditionMask, lstrcmpiW, GetModuleHandleW, LoadLibraryW, GetDriveTypeW, CompareStringW, FindNextFileW, GetLogicalDriveStringsW, GetFileSize, GetFileAttributesW, GetShortPathNameW, SetFileAttributesW, GetFileTime, CopyFileW, ReadFile, SetFilePointer, SystemTimeToFileTime, MultiByteToWideChar, GetSystemInfo, WaitForMultipleObjects, VirtualProtect, VirtualQuery, LoadLibraryExA, GetStringTypeW, SetUnhandledExceptionFilter, FileTimeToSystemTime, GetEnvironmentVariableW, GetSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateProcessW, GetExitCodeProcess, GetWindowsDirectoryW, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, FormatMessageW, GetEnvironmentStringsW, LocalFree, InitializeCriticalSectionEx, LoadLibraryA, GetModuleFileNameA, GetCurrentThread, GetConsoleOutputCP, FlushFileBuffers, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, IsWow64Process, SetConsoleTextAttribute, GetStdHandle, GetConsoleScreenBufferInfo, OutputDebugStringW, GetTickCount, GetCommandLineW, SetCurrentDirectoryW, SetEndOfFile, EnumResourceLanguagesW, GetSystemDefaultLangID, GetUserDefaultLangID, GetLocalTime, ResetEvent, GlobalFree, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, CreateNamedPipeW, ConnectNamedPipe, TerminateThread, LocalAlloc, CompareFileTime, CopyFileExW, OpenEventW, PeekNamedPipe, WaitForSingleObjectEx, QueryPerformanceCounter, QueryPerformanceFrequency, EncodePointer, LCMapStringEx, CompareStringEx, GetCPInfo, GetSystemTimeAsFileTime, IsDebuggerPresent, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, VirtualAlloc, VirtualFree, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, ExitProcess, GetFileType, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetTimeZoneInformation, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, WriteConsoleW |
Language of compilation system | Country where language is spoken
Chinese | China
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-29T02:00:59.160911+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 49738 | 154.82.113.139 | 63701 | TCP
2024-12-29T02:01:59.365782+0100 | 2052875 | ET MALWARE Anonymous RAT CnC Checkin | 1 | 192.168.2.4 | 49738 | 154.82.113.139 | 63701 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                      Dec 29, 2024 02:01:13.042073011 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:13.042100906 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:13.042133093 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:13.042206049 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:13.042215109 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:14.487906933 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:14.607724905 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.023763895 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.065880060 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:15.831228018 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:15.950997114 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951024055 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951033115 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951042891 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951071024 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951080084 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951093912 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951148033 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951203108 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951212883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951256990 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951265097 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951342106 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:15.951350927 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:17.535661936 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:17.655249119 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:18.070965052 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:18.112718105 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:18.932303905 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:19.052113056 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052126884 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052139997 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052155018 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052237988 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052254915 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052365065 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052371979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052421093 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052438974 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.052491903 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.061633110 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.061644077 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:19.061724901 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:20.581856966 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:20.701761961 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:21.117676973 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:21.159604073 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:21.951864958 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:22.071728945 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.071777105 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.071811914 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.071841955 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.071883917 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.071903944 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072012901 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072033882 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072164059 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072173119 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072210073 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072225094 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072329998 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:22.072340965 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:23.628667116 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:23.748194933 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:24.164005995 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:24.206496000 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:24.891374111 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:25.011288881 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011308908 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011384964 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011398077 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011426926 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011451006 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011535883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011559010 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011636019 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011648893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011728048 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011739969 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011801958 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:25.011826992 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:26.675683022 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:26.795212984 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.226387978 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.268994093 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:27.589026928 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:27.708826065 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.708843946 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.708859921 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.708894014 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.708923101 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.708949089 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709054947 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709130049 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709137917 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709150076 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709235907 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709248066 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709364891 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:27.709372997 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:29.676533937 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:29.796313047 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.212548018 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.253330946 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:30.615385056 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:30.735331059 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735352039 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735359907 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735375881 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735383987 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735393047 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735785007 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735794067 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735802889 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735810995 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735820055 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735829115 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:30.735836029 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:46.841897964 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.257715940 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.300297022 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:47.677556038 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:47.797326088 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797342062 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797358036 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797394991 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797425032 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797434092 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797463894 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797497034 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797580957 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797596931 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797666073 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797674894 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797802925 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.797811985 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:47.831577063 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:47.950952053 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.431732893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.472039938 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:48.790611029 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:48.910429955 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910468102 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910485029 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910495996 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910537004 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910542011 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:48.910581112 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910690069 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910702944 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910770893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910779953 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910845995 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910856009 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910938978 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:48.910954952 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:49.030316114 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:49.543267965 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:49.597052097 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:49.952071905 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:50.071656942 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.393826008 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:50.487632036 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513515949 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513533115 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513546944 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513605118 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513747931 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513767958 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513833046 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513854027 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513942957 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.513969898 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.514034986 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.514056921 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.514147043 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.514192104 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:50.534568071 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:50.786087990 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:50.890465975 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:50.905765057 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010493040 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010514021 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010538101 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010552883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010577917 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010600090 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010647058 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010658979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010761023 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010772943 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010849953 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010862112 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010957003 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.010968924 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.399645090 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.440804005 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:51.536818981 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:51.656296968 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.751085997 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:51.870791912 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.870811939 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.870929956 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.870938063 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871042967 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871068954 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871160030 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871169090 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871207952 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871247053 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871285915 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871336937 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871371031 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:51.871536970 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.072114944 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.128441095 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:52.206886053 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:52.326559067 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.462614059 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:52.582422972 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582447052 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582454920 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582461119 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582560062 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582576990 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582647085 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582681894 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582823038 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582840919 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582951069 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.582958937 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.583048105 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.583056927 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.756035089 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:52.800291061 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:52.831578970 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:56.696269035 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:56.696276903 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:56.737678051 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:56.829894066 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:56.847701073 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:56.893294096 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:56.943252087 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:56.967433929 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:56.987658024 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.013231039 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013263941 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013273954 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013283968 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013339996 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013420105 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013508081 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013582945 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.013595104 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.068974972 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.188529968 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.255064964 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.286928892 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.305742979 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.374742031 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.425441027 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.425472021 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.425518990 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.425632954 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.425646067 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.425720930 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.425755024 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.448081970 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.530143023 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.567811012 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.581434011 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.603071928 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.648283005 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.689059973 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.722567081 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.808891058 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.808959007 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.809072018 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.809086084 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.809118986 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.809137106 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.809204102 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.809238911 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.890240908 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:57.890465975 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:57.928636074 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.010282993 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.010499001 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.049732924 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.107690096 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.107948065 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.130009890 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.170284033 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.170300007 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.171308041 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.171334028 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.172431946 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.172483921 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.172553062 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.227617979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.227665901 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.331473112 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.331584930 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.347259045 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.428325891 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.451100111 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.548155069 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.548223019 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.548234940 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.548242092 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.548271894 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.548306942 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.548307896 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.548420906 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.588876963 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.597018003 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.652503967 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.652637959 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.667897940 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.765024900 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.765084028 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.772151947 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.772222996 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.835722923 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.884620905 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.884680986 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.892065048 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.955482960 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.955512047 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.955540895 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:58.955635071 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.955765963 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.955804110 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.955889940 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.955924988 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.973257065 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:58.973329067 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:59.044969082 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.045025110 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:59.075133085 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.092844009 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.164625883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.164767027 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:59.191309929 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.237778902 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:59.267472029 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:59.329031944 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.329085112 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:59.365736961 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.365782022 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:01:59.387372017 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.387387037 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.387394905 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:01:59.387407064 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.637460947 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.651629925 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.651815891 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.681900024 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.681971073 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.720885038 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.720971107 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.740972996 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.741039038 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.757143974 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.757241011 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.757292986 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.757332087 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.757452965 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.757528067 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.757690907 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.757699966 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.757731915 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.771357059 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.771585941 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.785955906 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.786055088 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.810352087 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.810518980 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.852859020 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.852957964 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.876863956 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.876931906 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.891103983 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.891191959 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.930037975 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.930174112 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.943804026 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.943897963 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.948858976 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.948985100 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.949057102 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.953016996 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.954965115 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.996469021 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.996579885 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:01.996851921 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:01.996978045 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.028458118 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.041846991 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.044374943 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.056816101 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.056884050 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.057018042 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.060872078 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.064338923 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.093748093 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.116451979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.120062113 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.131278038 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.131352901 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.140079975 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.148106098 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.148340940 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.173671961 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.174225092 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.184190989 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.184345961 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.197664022 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.198112011 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.213447094 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.216392994 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.250900984 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.252430916 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.259685993 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.259752035 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.259773016 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.259865046 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.259915113 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.260052919 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.260068893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.267910957 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.268323898 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.298650980 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.304311037 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.308351040 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.317430973 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.320343971 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.335966110 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.336307049 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.349384069 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.349687099 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.378220081 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.378374100 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.414802074 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.415035963 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.418453932 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.435305119 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.435399055 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.435539007 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.435570002 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.456197023 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.492953062 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.493146896 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.534676075 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.537293911 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.582300901 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.582340956 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.582456112 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.619657993 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.619774103 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.636416912 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.657794952 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.658175945 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.658189058 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.658224106 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.658246994 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.685771942 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.699539900 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.699553967 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.699647903 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:02.782335043 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:02.806555033 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:04.965425968 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:04.965456963 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:04.965496063 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:04.969469070 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:04.969516039 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:04.976414919 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:04.976527929 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:04.978148937 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.016628981 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.016807079 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.028511047 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.028526068 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.028671980 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.028695107 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.028887033 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.028896093 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.028980970 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.059911013 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.059984922 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.071374893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.071531057 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.089037895 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.089108944 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.115108013 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.115185022 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.166234970 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.166349888 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.178877115 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.178978920 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.191026926 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.191133976 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.221544981 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.234699965 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.234837055 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.266304970 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.266407967 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.298540115 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.298626900 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.317084074 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.317109108 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.317162037 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.317189932 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.337707043 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.341208935 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.362896919 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.362931013 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.363042116 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.372319937 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.379851103 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.409959078 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.410079002 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.410120964 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.446160078 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.446268082 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.446316004 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.487104893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.488302946 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.491914034 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.491942883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.492049932 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.492185116 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.492229939 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.492297888 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.532881021 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.542531967 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.542582989 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.542694092 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.587145090 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.607868910 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.647360086 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.648346901 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.666167021 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.683820009 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.727905989 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.728008986 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.728116035 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.771903992 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.771971941 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.771986961 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.785726070 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.815756083 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.884859085 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.888310909 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:05.891455889 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:05.929056883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.008091927 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.008186102 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.127790928 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.127856016 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.170038939 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.170089960 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.247380972 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.247487068 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.263613939 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.289630890 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.292323112 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.342012882 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.367088079 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.368372917 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.371088028 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.372303009 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.383292913 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.383456945 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.383466959 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.383476973 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.383531094 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.383580923 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.383649111 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.383690119 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.411964893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.412302017 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.461750984 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.462161064 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.491871119 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.492049932 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.503196955 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:06.504323006 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:06.568507910 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.053297997 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.056330919 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.088344097 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.088813066 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.119750023 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.120253086 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.131807089 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.134812117 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.134862900 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.134886980 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.134917974 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.146131039 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.146205902 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.175836086 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.176292896 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.182255030 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.190417051 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.225905895 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.226149082 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.238115072 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.238615990 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.265702963 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.265896082 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.310209990 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.310240984 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.310262918 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.310281992 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.310374022 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.310406923 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.310534954 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.310585022 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.345630884 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.345935106 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.358217001 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.358297110 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.409859896 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.410114050 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.425734997 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.425798893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.425925016 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.465428114 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.465542078 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.466917038 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.505553961 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.505614042 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.505635023 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.545484066 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.545591116 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.559436083 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.559544086 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.559639931 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.559684038 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.559686899 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.625247002 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.625323057 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.626667023 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.626707077 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.650382996 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.659934044 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.659962893 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.660006046 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.679109097 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.679270029 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.713634014 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.728892088 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.729031086 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.730896950 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.730959892 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.745095968 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.745270014 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.746176004 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.746231079 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.770307064 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.770319939 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.770328045 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.770401001 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.770500898 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.770533085 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.770543098 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.779548883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.779649019 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.786211967 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.786305904 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.833316088 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.833535910 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.848602057 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.848686934 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.860893011 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.860951900 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.865658045 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.865724087 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.880379915 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.880433083 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.899235010 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.899333954 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.946216106 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.946281910 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.947241068 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.947288036 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.968318939 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.968462944 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.971343040 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.971388102 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:08.985212088 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:08.985274076 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:09.018919945 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:09.018985033 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:09.034638882 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:09.034696102 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:09.066770077 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:09.066849947 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:09.076756954 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:09.091042042 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:09.091140032 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:09.091204882 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:09.138585091 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:09.138680935 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:09.148396015 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.594953060 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.595045090 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.599419117 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.599473953 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.599529982 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.624788046 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.625094891 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.673015118 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.676002979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.676115990 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.677195072 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.677268982 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.677315950 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.691881895 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.691961050 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.692047119 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.692194939 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.692297935 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.692307949 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.708694935 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.712330103 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.718991995 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.720310926 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.752861023 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.788872004 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.788949013 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.795654058 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.795757055 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.796083927 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.796149015 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.805810928 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.805856943 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.805898905 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.805932045 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.809935093 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.810024977 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.832036018 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.832163095 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.861273050 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.861365080 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.872512102 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.872606993 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.876121998 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.876163006 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.876187086 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.876209974 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.893135071 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.893197060 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.915348053 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.915460110 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.929538012 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.929626942 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.980977058 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.981153011 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:10.996913910 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:10.996980906 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.033345938 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.033493042 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.049221039 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.049310923 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.065078020 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.109922886 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.110411882 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.116413116 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.116750956 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.152981997 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.153070927 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.168929100 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.169152975 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.182207108 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.182338953 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.184885979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.184938908 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.184988022 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.185004950 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.185084105 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.185179949 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.185189009 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.236278057 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.236512899 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.272671938 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.272758961 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.289378881 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.289407015 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.289477110 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.304486036 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.304558039 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.317615032 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.317688942 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.349776983 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.349848986 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.349945068 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.381369114 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.386087894 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.388329983 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.409094095 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.412348032 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.437242985 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.440356970 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.474078894 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.476378918 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.501235008 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.503161907 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.503390074 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.505666018 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.532058001 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.532385111 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.546224117 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.546255112 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.546396971 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.551923990 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.595990896 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.596323013 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.610129118 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.610214949 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.652101040 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:11.652245998 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:11.670758009 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.115362883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.115446091 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.155052900 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.155174017 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.157907009 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.157967091 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.203562021 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.203634024 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.203639984 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.203674078 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.207711935 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.207777023 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.209866047 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.209899902 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.210032940 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.210105896 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.210115910 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.210144997 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.236790895 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.236891985 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.364584923 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.364598036 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.364614010 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.364625931 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.364634991 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.364717960 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.364753008 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.483998060 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.484014988 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.484025955 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.484038115 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.484047890 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.484287024 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.506681919 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.588990927 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.603518009 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.603585958 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.603594065 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.603600979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.603878975 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.626410961 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.626468897 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.626595974 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.626605988 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.626646042 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.626693010 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.626769066 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.626782894 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.685741901 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.685849905 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.708692074 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.708851099 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.746062040 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.746977091 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.799871922 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.805264950 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.808419943 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.828488111 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.828718901 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.848598957 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.848721027 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.908859015 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.908965111 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.919584036 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.919719934 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.927968979 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.948287964 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.949224949 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:14.968266964 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:14.968485117 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.028542995 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.028868914 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.039163113 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.039235115 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.067883015 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.068254948 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.069025040 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.069036007 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.069212914 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.069222927 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.069251060 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.069309950 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.087980986 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.088079929 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.158864021 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.160295010 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.169573069 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.169609070 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.169703960 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.207515001 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.208313942 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.222532034 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.222610950 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.222732067 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.257740974 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.270257950 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.272341967 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.289235115 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.289380074 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.336858988 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.336874962 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.336972952 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.351798058 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.378612995 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.380178928 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.388969898 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.390520096 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.410655022 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.412331104 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.445985079 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.458462000 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.481630087 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.481815100 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.490561008 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.490906000 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.510211945 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:15.510299921 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:15.565642118 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.095230103 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.095232964 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.095347881 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.095427990 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.095510960 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.129729033 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.129839897 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.141469955 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.141575098 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.191924095 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.192328930 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.198045969 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.198074102 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.198163033 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.214658976 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.214768887 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.252690077 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.252717972 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.252966881 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.292036057 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.292258978 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.292455912 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.317868948 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.320346117 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.322061062 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.322137117 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.331052065 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.331964016 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.372520924 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.372772932 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.439874887 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.440316916 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.451421022 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.452275038 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.484086037 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.490257025 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.493024111 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.493094921 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.493180037 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.513231993 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.516439915 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.518771887 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.518878937 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.558249950 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.571858883 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.572287083 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.572921991 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.572979927 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.573010921 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.573055983 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.603954077 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.604331017 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.609914064 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.609957933 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.610042095 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.610054016 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.610083103 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.610137939 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.610255957 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.610285997 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.610354900 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.636166096 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.636346102 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.666678905 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.666695118 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.666798115 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.677826881 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.677936077 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.693547964 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.693615913 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.729756117 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.729840040 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.756110907 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.756171942 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.761136055 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.761565924 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.797446012 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.797523022 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.805006981 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.838171959 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.838186026 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.838253021 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.865514040 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.875762939 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.876302004 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.880013943 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.880194902 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.880666018 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.880709887 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.880757093 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.884231091 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.893081903 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.896414995 CET4973863701192.168.2.4154.82.113.139
                                                                                                                                                                      Dec 29, 2024 02:02:17.957138062 CET6370149738154.82.113.139192.168.2.4
                                                                                                                                                                      Dec 29, 2024 02:02:17.957441092 CET4973863701192.168.2.4154.82.113.139
Timestamp    Source IP    Dest IP    Checksum    Code    Type
                                                                                                                                                                      Dec 29, 2024 02:01:31.051595926 CET192.168.2.4154.82.113.1395e97Echo
                                                                                                                                                                      Dec 29, 2024 02:01:31.458307028 CET154.82.113.139192.168.2.46697Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:32.472263098 CET192.168.2.4154.82.113.1399355Echo
                                                                                                                                                                      Dec 29, 2024 02:01:32.879054070 CET154.82.113.139192.168.2.49b55Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:33.894130945 CET192.168.2.4154.82.113.139a4c7Echo
                                                                                                                                                                      Dec 29, 2024 02:01:34.300923109 CET154.82.113.139192.168.2.4acc7Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:35.316063881 CET192.168.2.4154.82.113.139d836Echo
                                                                                                                                                                      Dec 29, 2024 02:01:35.722778082 CET154.82.113.139192.168.2.4e036Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:37.863634109 CET192.168.2.4154.82.113.1399cceEcho
                                                                                                                                                                      Dec 29, 2024 02:01:38.304557085 CET154.82.113.139192.168.2.4a4ceEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:01:39.316241980 CET192.168.2.4154.82.113.1395f55Echo
                                                                                                                                                                      Dec 29, 2024 02:01:39.722922087 CET154.82.113.139192.168.2.46755Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:40.737885952 CET192.168.2.4154.82.113.1398236Echo
                                                                                                                                                                      Dec 29, 2024 02:01:41.144577980 CET154.82.113.139192.168.2.48a36Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:42.159704924 CET192.168.2.4154.82.113.1397215Echo
                                                                                                                                                                      Dec 29, 2024 02:01:42.566524982 CET154.82.113.139192.168.2.47a15Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:44.728135109 CET192.168.2.4154.82.113.13953d1Echo
                                                                                                                                                                      Dec 29, 2024 02:01:45.134763956 CET154.82.113.139192.168.2.45bd1Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:46.144294977 CET192.168.2.4154.82.113.1392e74Echo
                                                                                                                                                                      Dec 29, 2024 02:01:46.550993919 CET154.82.113.139192.168.2.43674Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:47.566034079 CET192.168.2.4154.82.113.13939bbEcho
                                                                                                                                                                      Dec 29, 2024 02:01:47.972734928 CET154.82.113.139192.168.2.441bbEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:01:48.987982988 CET192.168.2.4154.82.113.13920f1Echo
                                                                                                                                                                      Dec 29, 2024 02:01:49.394803047 CET154.82.113.139192.168.2.428f1Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:51.535393953 CET192.168.2.4154.82.113.139c92Echo
                                                                                                                                                                      Dec 29, 2024 02:01:51.942145109 CET154.82.113.139192.168.2.41492Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:52.956828117 CET192.168.2.4154.82.113.139fa0eEcho
                                                                                                                                                                      Dec 29, 2024 02:01:53.363671064 CET154.82.113.139192.168.2.420fEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:01:54.378531933 CET192.168.2.4154.82.113.139d5d7Echo
                                                                                                                                                                      Dec 29, 2024 02:01:54.785335064 CET154.82.113.139192.168.2.4ddd7Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:55.800553083 CET192.168.2.4154.82.113.139eaacEcho
                                                                                                                                                                      Dec 29, 2024 02:01:56.207243919 CET154.82.113.139192.168.2.4f2acEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:01:58.347886086 CET192.168.2.4154.82.113.1391b48Echo
                                                                                                                                                                      Dec 29, 2024 02:01:58.754622936 CET154.82.113.139192.168.2.42348Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:01:59.769018888 CET192.168.2.4154.82.113.139c9daEcho
                                                                                                                                                                      Dec 29, 2024 02:02:00.175765038 CET154.82.113.139192.168.2.4d1daEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:01.191059113 CET192.168.2.4154.82.113.139e375Echo
                                                                                                                                                                      Dec 29, 2024 02:02:01.597625971 CET154.82.113.139192.168.2.4eb75Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:02.612807989 CET192.168.2.4154.82.113.13966b6Echo
                                                                                                                                                                      Dec 29, 2024 02:02:03.020001888 CET154.82.113.139192.168.2.46eb6Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:05.160717964 CET192.168.2.4154.82.113.139ed3aEcho
                                                                                                                                                                      Dec 29, 2024 02:02:05.567195892 CET154.82.113.139192.168.2.4f53aEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:06.581804991 CET192.168.2.4154.82.113.1395041Echo
                                                                                                                                                                      Dec 29, 2024 02:02:06.988586903 CET154.82.113.139192.168.2.45841Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:08.003483057 CET192.168.2.4154.82.113.1399067Echo
                                                                                                                                                                      Dec 29, 2024 02:02:08.409996033 CET154.82.113.139192.168.2.49867Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:09.425544977 CET192.168.2.4154.82.113.139a40cEcho
                                                                                                                                                                      Dec 29, 2024 02:02:09.832170010 CET154.82.113.139192.168.2.4ac0cEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:11.974695921 CET192.168.2.4154.82.113.13942edEcho
                                                                                                                                                                      Dec 29, 2024 02:02:12.381398916 CET154.82.113.139192.168.2.44aedEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:13.394355059 CET192.168.2.4154.82.113.139219cEcho
                                                                                                                                                                      Dec 29, 2024 02:02:13.800992012 CET154.82.113.139192.168.2.4299cEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:14.815938950 CET192.168.2.4154.82.113.13955cdEcho
                                                                                                                                                                      Dec 29, 2024 02:02:15.222623110 CET154.82.113.139192.168.2.45dcdEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:16.238204002 CET192.168.2.4154.82.113.13920b1Echo
                                                                                                                                                                      Dec 29, 2024 02:02:16.644814014 CET154.82.113.139192.168.2.428b1Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:18.785749912 CET192.168.2.4154.82.113.139cb6dEcho
                                                                                                                                                                      Dec 29, 2024 02:02:19.192464113 CET154.82.113.139192.168.2.4d36dEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:20.206568956 CET192.168.2.4154.82.113.13988abEcho
                                                                                                                                                                      Dec 29, 2024 02:02:20.613919973 CET154.82.113.139192.168.2.490abEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:21.628752947 CET192.168.2.4154.82.113.1397b57Echo
                                                                                                                                                                      Dec 29, 2024 02:02:22.035378933 CET154.82.113.139192.168.2.48357Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:23.050412893 CET192.168.2.4154.82.113.139d0bEcho
                                                                                                                                                                      Dec 29, 2024 02:02:23.457073927 CET154.82.113.139192.168.2.4150bEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:25.598577976 CET192.168.2.4154.82.113.13938d7Echo
                                                                                                                                                                      Dec 29, 2024 02:02:26.006064892 CET154.82.113.139192.168.2.440d7Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:27.019247055 CET192.168.2.4154.82.113.1396d42Echo
                                                                                                                                                                      Dec 29, 2024 02:02:27.426439047 CET154.82.113.139192.168.2.47542Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:28.440888882 CET192.168.2.4154.82.113.1397109Echo
                                                                                                                                                                      Dec 29, 2024 02:02:28.847551107 CET154.82.113.139192.168.2.47909Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:29.862750053 CET192.168.2.4154.82.113.1393e33Echo
                                                                                                                                                                      Dec 29, 2024 02:02:30.269563913 CET154.82.113.139192.168.2.44633Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:32.496124983 CET192.168.2.4154.82.113.1398a1eEcho
                                                                                                                                                                      Dec 29, 2024 02:02:32.902885914 CET154.82.113.139192.168.2.4921eEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:33.909638882 CET192.168.2.4154.82.113.139b70Echo
                                                                                                                                                                      Dec 29, 2024 02:02:34.316487074 CET154.82.113.139192.168.2.41370Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:35.331581116 CET192.168.2.4154.82.113.139e766Echo
                                                                                                                                                                      Dec 29, 2024 02:02:35.738210917 CET154.82.113.139192.168.2.4ef66Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:36.753498077 CET192.168.2.4154.82.113.139ac1cEcho
                                                                                                                                                                      Dec 29, 2024 02:02:37.160214901 CET154.82.113.139192.168.2.4b41cEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:39.306931973 CET192.168.2.4154.82.113.1393d85Echo
                                                                                                                                                                      Dec 29, 2024 02:02:39.713581085 CET154.82.113.139192.168.2.44585Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:40.722264051 CET192.168.2.4154.82.113.1399f91Echo
                                                                                                                                                                      Dec 29, 2024 02:02:41.129004002 CET154.82.113.139192.168.2.4a791Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:42.144248009 CET192.168.2.4154.82.113.13955aeEcho
                                                                                                                                                                      Dec 29, 2024 02:02:42.550965071 CET154.82.113.139192.168.2.45daeEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:43.565850019 CET192.168.2.4154.82.113.139c2eeEcho
                                                                                                                                                                      Dec 29, 2024 02:02:43.973033905 CET154.82.113.139192.168.2.4caeeEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:46.115029097 CET192.168.2.4154.82.113.139dd63Echo
                                                                                                                                                                      Dec 29, 2024 02:02:46.521681070 CET154.82.113.139192.168.2.4e563Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:47.534614086 CET192.168.2.4154.82.113.1391e7Echo
                                                                                                                                                                      Dec 29, 2024 02:02:47.941162109 CET154.82.113.139192.168.2.49e7Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:48.956826925 CET192.168.2.4154.82.113.1392c2cEcho
                                                                                                                                                                      Dec 29, 2024 02:02:49.363498926 CET154.82.113.139192.168.2.4342cEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:50.378561974 CET192.168.2.4154.82.113.139a750Echo
                                                                                                                                                                      Dec 29, 2024 02:02:50.785284042 CET154.82.113.139192.168.2.4af50Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:52.942997932 CET192.168.2.4154.82.113.1394417Echo
                                                                                                                                                                      Dec 29, 2024 02:02:53.349790096 CET154.82.113.139192.168.2.44c17Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:02:54.362696886 CET192.168.2.4154.82.113.139474aEcho
                                                                                                                                                                      Dec 29, 2024 02:02:54.769371986 CET154.82.113.139192.168.2.44f4aEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:55.784554005 CET192.168.2.4154.82.113.13948daEcho
                                                                                                                                                                      Dec 29, 2024 02:02:56.191427946 CET154.82.113.139192.168.2.450daEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:57.206501007 CET192.168.2.4154.82.113.139be5bEcho
                                                                                                                                                                      Dec 29, 2024 02:02:57.613244057 CET154.82.113.139192.168.2.4c65bEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:02:59.783627033 CET192.168.2.4154.82.113.13941ecEcho
                                                                                                                                                                      Dec 29, 2024 02:03:00.190504074 CET154.82.113.139192.168.2.449ecEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:03:01.248507977 CET192.168.2.4154.82.113.139cd7eEcho
                                                                                                                                                                      Dec 29, 2024 02:03:01.655164957 CET154.82.113.139192.168.2.4d57eEcho Reply
                                                                                                                                                                      Dec 29, 2024 02:03:02.659652948 CET192.168.2.4154.82.113.139e559Echo
                                                                                                                                                                      Dec 29, 2024 02:03:03.066445112 CET154.82.113.139192.168.2.4ed59Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:03:04.089540005 CET192.168.2.4154.82.113.139d309Echo
                                                                                                                                                                      Dec 29, 2024 02:03:04.496630907 CET154.82.113.139192.168.2.4db09Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:03:06.650535107 CET192.168.2.4154.82.113.139da79Echo
                                                                                                                                                                      Dec 29, 2024 02:03:07.057358027 CET154.82.113.139192.168.2.4e279Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:03:08.066004992 CET192.168.2.4154.82.113.13953a0Echo
                                                                                                                                                                      Dec 29, 2024 02:03:08.472750902 CET154.82.113.139192.168.2.45ba0Echo Reply
                                                                                                                                                                      Dec 29, 2024 02:03:09.487633944 CET192.168.2.4154.82.113.13947b2Echo
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 29, 2024 02:00:27.589443922 CET | 1.1.1.1 | 192.168.2.4 | 0xd3d9 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
Dec 29, 2024 02:00:27.589443922 CET | 1.1.1.1 | 192.168.2.4 | 0xd3d9 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false


                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:20:00:08
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe"
                                                                                                                                                                      Imagebase:0xc00000
                                                                                                                                                                      File size:28'924'664 bytes
                                                                                                                                                                      MD5 hash:0BE92F00CC946557BBF1DEC87B708224
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:1
                                                                                                                                                                      Start time:20:00:13
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                      Imagebase:0x7ff6f6f20000
                                                                                                                                                                      File size:69'632 bytes
                                                                                                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:false

                                                                                                                                                                      Target ID:2
                                                                                                                                                                      Start time:20:00:13
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 1D35FE1868B50914AC73C4C1E92E866C C
                                                                                                                                                                      Imagebase:0xb20000
                                                                                                                                                                      File size:59'904 bytes
                                                                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:3
                                                                                                                                                                      Start time:20:00:20
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\Installer eSPT Masa PPh versi 2.0#U007e26022009.exe" /i "C:\Program Files (x86)\WindowsInstallerFB\7AF5081\DAN_127.msi" AI_EUIMSI=1 APPDIR="C:\Program Files (x86)\BtDDIFUEHLCR" SECONDSEQUENCE="1" CLIENTPROCESSID="5324" AI_MORE_CMD_LINE=1
                                                                                                                                                                      Imagebase:0xc00000
                                                                                                                                                                      File size:28'924'664 bytes
                                                                                                                                                                      MD5 hash:0BE92F00CC946557BBF1DEC87B708224
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:4
                                                                                                                                                                      Start time:20:00:21
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding D34C0DB36F96DC933127EB55CBA7C9C2
                                                                                                                                                                      Imagebase:0xb20000
                                                                                                                                                                      File size:59'904 bytes
                                                                                                                                                                      MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:8
                                                                                                                                                                      Start time:20:00:42
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Windows\Installer\MSI7DAF.tmp
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Windows\Installer\MSI7DAF.tmp"
                                                                                                                                                                      Imagebase:0x230000
                                                                                                                                                                      File size:175'328 bytes
                                                                                                                                                                      MD5 hash:BE4ED0D3AA0B2573927A046620106B13
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:9
                                                                                                                                                                      Start time:20:00:42
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TLGCBXAGVFLQ.KBI" -o"C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1" -pJHKQFETWJKTIHLLBOKO -aos -y
                                                                                                                                                                      Imagebase:0x6a0000
                                                                                                                                                                      File size:710'888 bytes
                                                                                                                                                                      MD5 hash:FAE7D0A530279838C8A5731B086A081B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000003.2021130019.0000000002EE6000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:10
                                                                                                                                                                      Start time:20:00:42
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:11
                                                                                                                                                                      Start time:20:00:47
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\SUGIPFIMNRQE.TMA" -o"C:\Program Files (x86)\BtDDIFUEHLCR" -pMNHWOTMLOHTPVRFXPCH -aos -y
                                                                                                                                                                      Imagebase:0x6a0000
                                                                                                                                                                      File size:710'888 bytes
                                                                                                                                                                      MD5 hash:FAE7D0A530279838C8A5731B086A081B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:12
                                                                                                                                                                      Start time:20:00:47
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:13
                                                                                                                                                                      Start time:20:00:49
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BtDDIFUEHLCR\e8a0d5af432b7e64DBD.exe" x "C:\Program Files (x86)\BtDDIFUEHLCR\TMGJRLDUDWLQ.FCU" -o"C:\Users\user\AppData\Roaming" -pPXOEWCVFPIJPLHQSQSX -aos -y
                                                                                                                                                                      Imagebase:0x6a0000
                                                                                                                                                                      File size:710'888 bytes
                                                                                                                                                                      MD5 hash:FAE7D0A530279838C8A5731B086A081B
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:14
                                                                                                                                                                      Start time:20:00:49
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:15
                                                                                                                                                                      Start time:20:00:50
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe"
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:691'760 bytes
                                                                                                                                                                      MD5 hash:938C33C54819D6CE8D731B68D9C37E38
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000F.00000000.2077543981.0000000000401000.00000020.00000001.01000000.00000010.sdmp, Author: Joe Security
                                                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe, Author: Joe Security
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 0%, ReversingLabs
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:18
                                                                                                                                                                      Start time:20:00:50
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Program Files (x86)\BtDDIFUEHLCR\yybob\Bor32-update-flase.exe"
                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                      File size:691'760 bytes
                                                                                                                                                                      MD5 hash:938C33C54819D6CE8D731B68D9C37E38
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                                                      Yara matches:
                                                                                                                                                                      • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: 00000012.00000002.2134669600.00000000030AC000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:19
                                                                                                                                                                      Start time:20:00:54
                                                                                                                                                                      Start date:28/12/2024
                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\B35542DB6BED445A8478ECE738C8E8C1\VGX\Haloonoroff.exe"
                                                                                                                                                                      Imagebase:0xb90000
                                                                                                                                                                      File size:174'304 bytes
                                                                                                                                                                      MD5 hash:0D318144BD23BA1A72CC06FE19CB3F0C
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Has exited:false


                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:6.2%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:17%
                                                                                                                                                                        Total number of Nodes:2000
                                                                                                                                                                        Total number of Limit Nodes:84
c10af1 82260 db9b1f std::_Throw_Cpp_error 34 API calls 82257->82260 82258 c106d8 std::ios_base::_Ios_base_dtor 82258->82257 82262 c07160 34 API calls 82258->82262 82261 db9b1f std::_Throw_Cpp_error 34 API calls 82259->82261 82260->82259 82263 c10afb 82261->82263 82265 c1078c std::locale::_Locimp::_Locimp 82262->82265 82333 d0c720 34 API calls 82265->82333 82266 c1080f 82334 d0d5d0 82266->82334 82268 c10821 82269 c1082b 82268->82269 82270 c1082d MoveFileW 82268->82270 82269->82270 82271 c078a0 34 API calls 82270->82271 82272 c1084c 82271->82272 82273 c10854 82272->82273 82277 c1094e 82272->82277 82274 c10570 45 API calls 82273->82274 82275 c10871 DeleteFileW 82274->82275 82279 c078a0 34 API calls 82275->82279 82276 c078a0 34 API calls 82280 c10949 82276->82280 82277->82257 82278 c109de std::ios_base::_Ios_base_dtor 82277->82278 82278->82276 82281 c108da 82279->82281 82280->82256 82282 c10914 std::ios_base::_Ios_base_dtor 82281->82282 82284 c10aec 82281->82284 82283 c078a0 34 API calls 82282->82283 82283->82280 82285 db9b1f std::_Throw_Cpp_error 34 API calls 82284->82285 82285->82257 82288 c071ad 82286->82288 82289 c07171 std::locale::_Locimp::_Locimp 82286->82289 82287 c07261 82365 c07150 34 API calls 3 library calls 82287->82365 82288->82287 82292 c07750 34 API calls 82288->82292 82289->82112 82291 c07266 82293 c07160 34 API calls 82291->82293 82295 c071f6 std::locale::_Locimp::_Locimp 82292->82295 82294 c072d2 82293->82294 82294->82112 82296 c07245 std::ios_base::_Ios_base_dtor 82295->82296 82297 db9b1f std::_Throw_Cpp_error 34 API calls 82295->82297 82296->82112 82297->82287 82298->82116 82366 db9a5b 34 API calls __cftof 82299->82366 82301 db9b2e 82367 db9b3c 11 API calls std::locale::_Setgloballocale 82301->82367 82303 db9b3b 82305 c07796 82304->82305 82306 c0775b 82304->82306 82305->82234 82326 c07730 34 API calls 2 library calls 82305->82326 82307 c07764 82306->82307 82308 c07786 82306->82308 82307->82305 82311 c0776b 82307->82311 82308->82305 82310 c0778a 
82308->82310 82319 db46d9 82310->82319 82313 db46d9 std::_Facet_Register 2 API calls 82311->82313 82316 c07771 82313->82316 82314 db9b1f std::_Throw_Cpp_error 34 API calls 82317 c077a5 82314->82317 82316->82314 82318 c0777a 82316->82318 82318->82234 82321 db46de std::_Facet_Register 82319->82321 82320 c07790 82320->82234 82321->82320 82323 db46fa std::_Facet_Register 82321->82323 82327 dc9cf3 EnterCriticalSection std::_Facet_Register 82321->82327 82328 db641a 82323->82328 82325 db5360 82326->82316 82327->82321 82329 db6461 RaiseException 82328->82329 82330 db6434 82328->82330 82329->82325 82330->82329 82331->82251 82332->82258 82333->82266 82335 d0d626 82334->82335 82340 d0d633 82334->82340 82336 c06610 34 API calls 82335->82336 82337 d0d62e std::ios_base::_Ios_base_dtor 82336->82337 82341 db469a _ValidateLocalCookies 5 API calls 82337->82341 82338 d0d7e8 82342 c06610 34 API calls 82338->82342 82339 d0d670 PathIsUNCW 82343 d0d7a0 82339->82343 82344 d0d685 82339->82344 82340->82338 82340->82339 82345 d0d817 82341->82345 82342->82337 82364 d0f1a0 44 API calls ___vcrt_FlsFree 82343->82364 82362 d0f1a0 44 API calls ___vcrt_FlsFree 82344->82362 82345->82268 82348 d0d6aa 82348->82338 82350 d0d6b5 82348->82350 82349 d0d7c5 82349->82338 82351 d0d7cc 82349->82351 82352 c06610 34 API calls 82350->82352 82353 c06610 34 API calls 82351->82353 82354 d0d6be std::locale::_Locimp::_Locimp 82352->82354 82353->82354 82363 c08c50 34 API calls std::locale::_Locimp::_Locimp 82354->82363 82356 d0d708 82356->82337 82357 d0d820 82356->82357 82358 db9b1f std::_Throw_Cpp_error 34 API calls 82357->82358 82359 d0d825 82358->82359 82360->82252 82361->82255 82362->82348 82363->82356 82364->82349 82365->82291 82366->82301 82367->82303 82371 db4bb6 82368->82371 82370 c09d02 82370->82137 82370->82144 82371->82370 82376 db4c2a SleepConditionVariableCS WaitForSingleObjectEx EnterCriticalSection 82371->82376 82372->82140 82373->82144 82374->82143 82375->82146 82376->82371 82465 d1b1b0 82377->82465 
82380 c094e0 82381 c094eb 82380->82381 82382 c094fa 82381->82382 82383 c09565 82381->82383 82390 c09513 std::locale::_Setgloballocale 82381->82390 82382->82167 82480 c09740 35 API calls 82383->82480 82385 c0956a 82386 c094e0 35 API calls 82385->82386 82389 c095a6 82386->82389 82387 c09536 std::locale::_Locimp::_Locimp 82387->82167 82389->82167 82390->82387 82478 db9c2f GetLastError __dosmaperr 82390->82478 82391 c09555 82479 db9b0f 34 API calls __cftof 82391->82479 82394 d03460 82393->82394 82395 c09cc0 43 API calls 82394->82395 82406 d03478 82395->82406 82396 d0356d 82397 c09980 2 API calls 82396->82397 82398 d03577 FreeLibrary EnterCriticalSection 82397->82398 82399 d035e6 82398->82399 82404 d0360c std::ios_base::_Ios_base_dtor 82398->82404 82401 d035fc 82399->82401 82402 d035ec DestroyWindow 82399->82402 82401->82404 82489 dbe536 82401->82489 82402->82401 82403 d1b170 10 API calls 82403->82406 82405 d0365d 82404->82405 82408 dbe536 __freea 3 API calls 82404->82408 82412 d03673 std::ios_base::_Ios_base_dtor 82404->82412 82410 dbe536 __freea 3 API calls 82405->82410 82405->82412 82406->82396 82406->82403 82409 d034ea 82406->82409 82414 c09cc0 43 API calls 82406->82414 82487 c08d40 62 API calls 82406->82487 82408->82405 82413 d03532 82409->82413 82418 d03508 82409->82418 82421 d0350f 82409->82421 82410->82412 82481 d059b0 82412->82481 82488 c09800 35 API calls 4 library calls 82413->82488 82414->82406 82416 d03703 CoUninitialize 82417 d03709 82416->82417 82417->82171 82420 c094e0 35 API calls 82418->82420 82420->82421 82421->82171 82423 c21203 82422->82423 82424 c211b6 82422->82424 82423->82176 82425 c211f0 82424->82425 82427 c211c6 82424->82427 82500 c09800 35 API calls 4 library calls 82425->82500 82429 c094e0 35 API calls 82427->82429 82428 c211fb 82428->82176 82430 c211cc 82429->82430 82430->82176 82501 dbfcec 82431->82501 82434->82164 82435->82164 82436->82173 82437->82179 82438->82195 82440 cd7a5f 82439->82440 82463 cd7b1b 82439->82463 82442 c09cc0 43 API 
calls 82440->82442 82440->82463 82441 db469a _ValidateLocalCookies 5 API calls 82443 cd7b6b 82441->82443 82444 cd7a6f 82442->82444 82443->82195 82445 cd7a79 82444->82445 82446 cd7b73 82444->82446 82449 cd7a95 82445->82449 82450 cd7aa3 82445->82450 82447 c09980 2 API calls 82446->82447 82448 cd7b7d 82447->82448 82451 db46d9 std::_Facet_Register 2 API calls 82448->82451 82452 c092a0 43 API calls 82449->82452 82603 c09800 35 API calls 4 library calls 82450->82603 82453 cd7cd2 82451->82453 82454 cd7aa1 82452->82454 82689 c1d690 34 API calls 3 library calls 82453->82689 82604 c20880 82454->82604 82457 cd7d1a 82457->82195 82459 cd7ae2 82460 c20880 107 API calls 82459->82460 82461 cd7b09 82460->82461 82462 cd7b1f LoadLibraryExW 82461->82462 82461->82463 82462->82463 82463->82441 82464->82199 82469 d1b1f4 82465->82469 82477 d1b1ec 82465->82477 82466 db469a _ValidateLocalCookies 5 API calls 82468 d02f10 82466->82468 82467 d1b2e1 82470 c09980 2 API calls 82467->82470 82468->82380 82469->82467 82472 d1b224 std::locale::_Setgloballocale 82469->82472 82469->82477 82471 d1b2eb 82470->82471 82473 d1b242 FindFirstFileW 82472->82473 82472->82477 82474 d1b271 82473->82474 82475 d1b28e GetLastError 82473->82475 82476 d1b2ab FindClose 82474->82476 82474->82477 82475->82474 82476->82477 82477->82466 82478->82391 82479->82387 82480->82385 82482 d036f7 82481->82482 82483 d059e1 82481->82483 82482->82416 82482->82417 82483->82481 82484 d059f7 std::ios_base::_Ios_base_dtor 82483->82484 82492 c18590 RaiseException 82483->82492 82485 d05a3c DeleteCriticalSection 82484->82485 82485->82482 82487->82406 82488->82421 82493 dcca2d 82489->82493 82492->82483 82494 dcca38 HeapFree 82493->82494 82498 dbe54e 82493->82498 82495 dcca4d GetLastError 82494->82495 82494->82498 82496 dcca5a __dosmaperr 82495->82496 82499 db9c2f GetLastError __dosmaperr 82496->82499 82498->82404 82499->82498 82500->82428 82502 dbfd2b 82501->82502 82503 dbfd19 82501->82503 82513 dbfb95 82502->82513 82526 dbfdb4 
GetModuleHandleW 82503->82526 82506 dbfd1e 82506->82502 82527 dbfe19 GetModuleHandleExW 82506->82527 82507 dbfd62 82508 d0330b 82507->82508 82519 dbfd83 82507->82519 82514 dbfba1 std::_Locinfo::_Locinfo_dtor 82513->82514 82533 dc80d3 EnterCriticalSection 82514->82533 82516 dbfbab 82534 dbfc01 82516->82534 82518 dbfbb8 std::locale::_Setgloballocale 82518->82507 82597 dbfdf7 82519->82597 82522 dbfda1 82523 dbfd91 GetCurrentProcess TerminateProcess 82523->82522 82526->82506 82528 dbfe79 82527->82528 82529 dbfe58 GetProcAddress 82527->82529 82530 dbfd2a 82528->82530 82531 dbfe7f FreeLibrary 82528->82531 82529->82528 82532 dbfe6c 82529->82532 82530->82502 82531->82530 82532->82528 82533->82516 82536 dbfc0d std::_Locinfo::_Locinfo_dtor 82534->82536 82535 dbfca2 82535->82518 82536->82535 82537 dbfc74 82536->82537 82542 dca77b 82536->82542 82538 dbfc91 82537->82538 82546 dcaa1f 82537->82546 82539 dcaa1f std::locale::_Setgloballocale 34 API calls 82538->82539 82539->82535 82543 dca787 __EH_prolog3 82542->82543 82550 dca4d3 82543->82550 82547 dcaa46 82546->82547 82548 dcaa2d 82546->82548 82547->82538 82548->82547 82561 c01990 82548->82561 82551 dca4df std::_Locinfo::_Locinfo_dtor 82550->82551 82556 dc80d3 EnterCriticalSection 82551->82556 82553 dca4ed 82557 dca68b 82553->82557 82555 dca4fa std::locale::_Setgloballocale 82556->82553 82558 dca6a2 82557->82558 82559 dca6aa 82557->82559 82558->82555 82559->82558 82560 dcca2d ___free_lconv_mon 3 API calls 82559->82560 82560->82558 82562 c019cd 82561->82562 82569 c06520 82562->82569 82564 c01a67 82579 db4a5a 34 API calls 82564->82579 82566 c01a8d 82570 c06581 82569->82570 82576 c065d5 82569->82576 82571 c06606 82570->82571 82572 c06589 82570->82572 82595 c06a90 34 API calls std::_Throw_Cpp_error 82571->82595 82580 c06b70 82572->82580 82576->82564 82579->82566 82581 c06b7b 82580->82581 82582 c06bbf 82580->82582 82602 dce93f GetPEB std::locale::_Setgloballocale 82597->82602 82599 dbfdfc 82600 dbfe01 GetPEB 82599->82600 82601 dbfd8d 
82599->82601 82600->82601 82601->82522 82601->82523 82602->82599 82603->82454 82606 c208a6 ___crtLCMapStringW 82604->82606 82613 c20911 std::locale::_Locimp::_Locimp 82604->82613 82605 c09980 2 API calls 82607 c2095c 82605->82607 82606->82613 82614 c208f0 std::locale::_Setgloballocale 82606->82614 82690 c09790 35 API calls 82606->82690 82608 c209cb 82607->82608 82610 c209be FindClose 82607->82610 82693 c095d0 82608->82693 82610->82608 82612 c2093f 82612->82459 82613->82605 82613->82612 82614->82613 82691 db9c2f GetLastError __dosmaperr 82614->82691 82617 c2092d 82692 db9b0f 34 API calls __cftof 82617->82692 82618 c09cc0 43 API calls 82623 c209f9 82618->82623 82620 c20dac 82621 c09980 2 API calls 82620->82621 82622 c20db6 82621->82622 82624 c094e0 35 API calls 82622->82624 82623->82620 82625 c20a21 82623->82625 82626 c20a2f 82623->82626 82627 c20dff 82624->82627 82628 c092a0 43 API calls 82625->82628 82698 c09800 35 API calls 4 library calls 82626->82698 82630 c20e13 82627->82630 82641 c20e63 82627->82641 82631 c20a2d 82628->82631 82632 c094e0 35 API calls 82630->82632 82636 c20a76 PathIsUNCW 82631->82636 82637 c20bc5 FindFirstFileW 82631->82637 82680 c20c9c 82631->82680 82635 c20e1b 82632->82635 82633 c2103c 82634 c09980 2 API calls 82633->82634 82638 c2106a 82634->82638 82635->82459 82642 c20b55 82636->82642 82643 c20a8b 82636->82643 82639 c20bdd GetFullPathNameW 82637->82639 82637->82680 82646 c20bf6 82639->82646 82688 c20d31 ___crtLCMapStringW 82639->82688 82640 c20e94 82780 c21210 44 API calls 82640->82780 82641->82633 82641->82640 82779 c212c0 35 API calls 82641->82779 82645 c140b0 44 API calls 82642->82645 82699 c140b0 82643->82699 82676 c20b21 82645->82676 82649 c20c11 GetFullPathNameW 82646->82649 82774 c09790 35 API calls 82646->82774 82648 c20e9f 82655 c20c2a ___crtLCMapStringW 82649->82655 82650 c09980 2 API calls 82650->82620 82657 c20cd6 82655->82657 82667 c20c5e 82655->82667 82655->82688 82672 c20ce8 _wcsrchr 82657->82672 82775 c09680 35 API calls 4 
library calls 82657->82775 82660 c20a93 82660->82637 82668 c20c94 SetLastError 82667->82668 82673 c20c87 FindClose 82667->82673 82668->82680 82673->82668 82676->82637 82773 c21070 35 API calls 3 library calls 82676->82773 82680->82459 82688->82650 82688->82680 82689->82457 82690->82614 82691->82617 82692->82613 82694 c09603 82693->82694 82695 c09612 82693->82695 82694->82695 82696 c09980 2 API calls 82694->82696 82695->82618 82697 c0966c 82696->82697 82698->82631 82700 c140f3 82699->82700 82701 c14124 82699->82701 82702 c094e0 35 API calls 82700->82702 82703 c09cc0 43 API calls 82701->82703 82705 c14135 82701->82705 82704 c140f8 82702->82704 82703->82705 82704->82660 82706 c14205 82705->82706 82708 c141f6 82705->82708 82711 c14200 82705->82711 82715 c14189 std::locale::_Setgloballocale 82705->82715 82707 c09980 2 API calls 82706->82707 82709 c09980 2 API calls 82708->82709 82709->82711 82773->82637 82774->82649 82775->82672 82779->82640 82780->82648 82801 db3f72 EnterCriticalSection 82791->82801 82793 c090d7 82794 c090f0 FindResourceExW 82793->82794 82796 db3f72 3 API calls 82793->82796 82797 c09125 82793->82797 82805 c09160 LoadResource LockResource SizeofResource 82793->82805 82794->82793 82796->82793 82797->82205 82797->82206 82798->82209 82799->82210 82800->82213 82802 db3f8b 82801->82802 82803 db3f94 82801->82803 82802->82803 82806 db3f4d RaiseException EnterCriticalSection 82802->82806 82803->82793 82805->82793 82806->82803 82807->82225 82808 d00a10 82809 d00a47 82808->82809 82810 d00a87 82808->82810 82811 db4ba2 4 API calls 82809->82811 82812 d00a51 82811->82812 82812->82810 82816 db4a5a 34 API calls 82812->82816 82814 d00a73 82817 db4b58 EnterCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 82814->82817 82816->82814 82817->82810 82818 6c60db00 82823 6c60db97 82818->82823 82819 6c60dc29 82820 6c60dc3e 82819->82820 82821 6c606f60 43 API calls 82819->82821 83019 6c62f84e 82820->83019 82821->82820 82823->82819 82824 6c606f60 43 API calls 
82823->82824 82824->82819 82827 6c60dc63 83041 6c606f60 82827->83041 82829 6c60dca8 83059 6c60a720 82829->83059 82831 6c60dcb7 82832 6c60dd19 82831->82832 83071 6c613250 82831->83071 83108 6c607650 82832->83108 82835 6c60de15 82837 6c60de67 82835->82837 83124 6c613600 82835->83124 82836 6c607650 58 API calls 82838 6c60dd3f 82836->82838 82839 6c60de9a error_info_injector 82837->82839 82844 6c60ded4 82837->82844 83215 6c608270 82838->83215 83242 6c62f80f 82839->83242 82842 6c60ded0 83249 6c634b6f 82844->83249 82846 6c60ded9 83254 6c607f30 82846->83254 82848 6c60dee3 82850 6c60df34 82848->82850 82851 6c60e756 82848->82851 82852 6c60e2a0 82850->82852 82853 6c60df3a 82850->82853 82855 6c60e7d0 82851->82855 82856 6c60e75d 82851->82856 83263 6c609870 #171 #171 82852->83263 82858 6c60df45 82853->82858 82859 6c60e156 82853->82859 82854 6c60dd99 82857 6c607aa0 43 API calls 82854->82857 83275 6c6097d0 #118 #118 82855->83275 82954 6c60e0d4 82856->82954 83274 6c6097d0 #118 #118 82856->83274 82874 6c60dda8 82857->82874 82858->82954 83258 6c609870 #171 #171 82858->83258 83261 6c609870 #171 #171 82859->83261 82862 6c60e2c3 82884 6c60e2ec 82862->82884 82885 6c60e568 82862->82885 82863 6c62f80f codecvt 5 API calls 82869 6c60eb3c 82863->82869 82865 6c60dd6e 82865->82854 82871 6c607aa0 43 API calls 82865->82871 82867 6c60e78e 82879 6c606f60 43 API calls 82867->82879 82870 6c60e177 82878 6c606f60 43 API calls 82870->82878 82871->82854 82872 6c60ddd9 82876 6c608270 56 API calls 82872->82876 82873 6c60df71 82875 6c607650 58 API calls 82873->82875 82874->82872 82880 6c607aa0 43 API calls 82874->82880 82881 6c60df79 82875->82881 82883 6c60ddde 82876->82883 82877 6c60eaa5 83279 6c6097d0 #118 #118 82877->83279 82886 6c60e19d 82878->82886 82879->82954 82880->82872 82887 6c60e01c 82881->82887 82893 6c607650 58 API calls 82881->82893 82883->82846 82904 6c607aa0 43 API calls 82883->82904 83264 6c6097d0 #118 #118 82884->83264 82890 6c607650 58 API calls 82885->82890 82885->82954 82891 6c607650 58 
API calls 82886->82891 82892 6c62f84e codecvt 16 API calls 82887->82892 82888 6c60eac7 82903 6c606f60 43 API calls 82888->82903 82894 6c60e583 82890->82894 82897 6c60e1a2 82891->82897 82898 6c60e064 82892->82898 82899 6c60df8b 82893->82899 82900 6c60e63d 82894->82900 82906 6c607650 58 API calls 82894->82906 82895 6c60e7f8 82895->82877 83276 6c6097d0 #118 #118 82895->83276 82908 6c607650 58 API calls 82897->82908 82897->82954 82918 6c606f60 43 API calls 82898->82918 82902 6c608270 56 API calls 82899->82902 82905 6c62f84e codecvt 16 API calls 82900->82905 82901 6c60e85f 82907 6c607650 58 API calls 82901->82907 82909 6c60df92 82902->82909 82903->82954 82910 6c60de06 82904->82910 82911 6c60e685 82905->82911 82913 6c60e592 82906->82913 82916 6c60e867 82907->82916 82917 6c60e1ad 82908->82917 82919 6c60eb42 82909->82919 82935 6c607aa0 43 API calls 82909->82935 83241 6c607730 63 API calls 82910->83241 82921 6c606f60 43 API calls 82911->82921 82912 6c60e30e 82914 6c607650 58 API calls 82912->82914 82912->82954 82915 6c608270 56 API calls 82913->82915 82923 6c60e331 82914->82923 82924 6c60e59c 82915->82924 82930 6c607650 58 API calls 82916->82930 83016 6c60e919 82916->83016 82926 6c608270 56 API calls 82917->82926 82927 6c60e0af 82918->82927 82925 6c607f30 2 API calls 82919->82925 82922 6c60e6bb 82921->82922 82928 6c6063d0 43 API calls 82922->82928 82929 6c60e3e7 82923->82929 82938 6c607650 58 API calls 82923->82938 82924->82919 82950 6c607aa0 43 API calls 82924->82950 82932 6c60eb4c 82925->82932 82933 6c60e1b7 82926->82933 82934 6c6063d0 43 API calls 82927->82934 82937 6c60e6d1 82928->82937 83266 6c61b9f0 43 API calls 82929->83266 82939 6c60e879 82930->82939 82931 6c62f84e codecvt 16 API calls 82940 6c60e964 82931->82940 82933->82919 82958 6c607aa0 43 API calls 82933->82958 82941 6c60e0c5 82934->82941 82959 6c60dfbc 82935->82959 83273 6c60aeb0 49 API calls error_info_injector 82937->83273 82944 6c60e340 82938->82944 82945 6c608270 56 API calls 82939->82945 82957 6c606f60 43 
API calls 82940->82957 83260 6c60aeb0 49 API calls error_info_injector 82941->83260 82942 6c60e474 82948 6c62f84e codecvt 16 API calls 82942->82948 82949 6c608270 56 API calls 82944->82949 82951 6c60e880 82945->82951 82947 6c60dfde 82956 6c608270 56 API calls 82947->82956 82953 6c60e47f 82948->82953 82955 6c60e347 82949->82955 82969 6c60e5c6 82950->82969 82951->82919 82970 6c607aa0 43 API calls 82951->82970 82960 6c6063d0 43 API calls 82953->82960 82954->82863 82955->82919 82976 6c607aa0 43 API calls 82955->82976 82961 6c60dfe3 82956->82961 82962 6c60e9b9 82957->82962 82973 6c60e1e1 82958->82973 82959->82947 82963 6c607aa0 43 API calls 82959->82963 82964 6c60e49e 82960->82964 82961->82919 82966 6c60dfed 82961->82966 83278 6c609df0 49 API calls codecvt 82962->83278 82963->82947 82968 6c6063d0 43 API calls 82964->82968 82965 6c60e5fc 82971 6c608270 56 API calls 82965->82971 82982 6c607aa0 43 API calls 82966->82982 82975 6c60e4b4 82968->82975 82969->82965 82977 6c607aa0 43 API calls 82969->82977 82992 6c60e8aa 82970->82992 82978 6c60e604 82971->82978 82972 6c60e219 82974 6c608270 56 API calls 82972->82974 82973->82972 82979 6c607aa0 43 API calls 82973->82979 82980 6c60e221 82974->82980 83267 6c60aeb0 49 API calls error_info_injector 82975->83267 82994 6c60e371 82976->82994 82977->82965 82978->82919 82984 6c60e60e 82978->82984 82979->82972 82980->82919 82985 6c60e22b 82980->82985 82987 6c60e00d 82982->82987 82983 6c60e8cc 82988 6c607aa0 43 API calls 82983->82988 82997 6c607aa0 43 API calls 82984->82997 82999 6c607aa0 43 API calls 82985->82999 82986 6c60e4c3 83268 6c6075b0 82986->83268 83259 6c607730 63 API calls 82987->83259 82993 6c60e8db 82988->82993 82989 6c60e9c4 82989->82877 82990 6c60e3a9 82996 6c608270 56 API calls 82990->82996 82992->82983 82995 6c607aa0 43 API calls 82992->82995 82998 6c608270 56 API calls 82993->82998 82994->82990 83000 6c607aa0 43 API calls 82994->83000 82995->82983 83002 6c60e3ae 82996->83002 83003 6c60e62e 82997->83003 83004 6c60e8e0 
82998->83004 83005 6c60e24b 82999->83005 83000->82990 83002->82919 83006 6c60e3b8 83002->83006 83272 6c607730 63 API calls 83003->83272 83004->82919 83008 6c60e8ea 83004->83008 83262 6c607730 63 API calls 83005->83262 83010 6c607aa0 43 API calls 83006->83010 83011 6c607aa0 43 API calls 83008->83011 83012 6c60e3d8 83010->83012 83013 6c60e90a 83011->83013 83265 6c607730 63 API calls 83012->83265 83277 6c607730 63 API calls 83013->83277 83016->82931 83021 6c62f853 83019->83021 83022 6c60dc49 83021->83022 83024 6c62f86f codecvt 83021->83024 83280 6c639166 83021->83280 83289 6c63d14a EnterCriticalSection LeaveCriticalSection codecvt 83021->83289 83027 6c6063d0 83022->83027 83290 6c631caa 83024->83290 83026 6c6305e4 83029 6c6063f7 83027->83029 83028 6c6063fe 83028->82827 83029->83028 83030 6c60648f 83029->83030 83032 6c606459 83029->83032 83033 6c60643a 83029->83033 83295 6c607520 RaiseException _com_raise_error codecvt 83030->83295 83038 6c62f84e codecvt 16 API calls 83032->83038 83040 6c60644e codecvt 83032->83040 83033->83030 83035 6c606441 83033->83035 83034 6c606447 83036 6c634b6f 41 API calls 83034->83036 83034->83040 83037 6c62f84e codecvt 16 API calls 83035->83037 83039 6c606499 83036->83039 83037->83034 83038->83040 83040->82827 83042 6c606fa7 83041->83042 83046 6c606f76 codecvt 83041->83046 83043 6c6070ac 83042->83043 83045 6c606fc0 83042->83045 83048 6c6070a7 83042->83048 83053 6c607031 83042->83053 83297 6c606f50 83043->83297 83047 6c607015 83045->83047 83045->83048 83046->82829 83050 6c62f84e codecvt 16 API calls 83047->83050 83296 6c607520 RaiseException _com_raise_error codecvt 83048->83296 83049 6c634b6f 41 API calls 83052 6c6070b6 83049->83052 83056 6c60701b codecvt 83050->83056 83055 6c606f60 43 API calls 83052->83055 83054 6c62f84e codecvt 16 API calls 83053->83054 83053->83056 83054->83056 83057 6c6070f9 83055->83057 83056->83049 83058 6c60708f error_info_injector 83056->83058 83057->82829 83058->82829 83317 6c609df0 49 API calls codecvt 83059->83317 
83061 6c60a855 error_info_injector 83061->82831 83062 6c60a75a error_info_injector 83062->83061 83063 6c634b6f 41 API calls 83062->83063 83064 6c60a88c 83063->83064 83065 6c6075b0 41 API calls 83064->83065 83066 6c60a8c8 83065->83066 83067 6c6075b0 41 API calls 83066->83067 83068 6c60a8d4 83067->83068 83069 6c6075b0 41 API calls 83068->83069 83070 6c60a8e3 error_info_injector 83069->83070 83070->82831 83072 6c6132d0 83071->83072 83072->83072 83073 6c606f60 43 API calls 83072->83073 83074 6c6132e9 83073->83074 83075 6c606f60 43 API calls 83074->83075 83076 6c613328 error_info_injector 83075->83076 83077 6c6133ce error_info_injector 83076->83077 83079 6c613409 83076->83079 83078 6c62f80f codecvt 5 API calls 83077->83078 83080 6c613403 83078->83080 83081 6c634b6f 41 API calls 83079->83081 83080->82832 83082 6c61340e 83081->83082 83083 6c606f60 43 API calls 83082->83083 83084 6c613477 83083->83084 83318 6c616bd0 83084->83318 83109 6c607708 83108->83109 83110 6c60768f 83108->83110 83109->82835 83109->82836 83875 6c62fbae 6 API calls 83110->83875 83112 6c607699 83112->83109 83876 6c6197a0 58 API calls 83112->83876 83114 6c6076b1 83115 6c608270 56 API calls 83114->83115 83116 6c6076cb 83115->83116 83117 6c6076d1 83116->83117 83118 6c60771f 83116->83118 83877 6c62ff89 44 API calls 83117->83877 83119 6c607f30 2 API calls 83118->83119 83120 6c607729 83119->83120 83122 6c6076f7 83878 6c62fb64 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 83122->83878 83125 6c61364a 83124->83125 83212 6c613643 83124->83212 83128 6c613677 83125->83128 83129 6c61368f 83125->83129 83126 6c62f80f codecvt 5 API calls 83127 6c61398a 83126->83127 83127->82837 84012 6c60b810 43 API calls 83128->84012 84013 6c60b390 43 API calls 2 library calls 83129->84013 83132 6c61367e 83133 6c6136b2 83132->83133 83134 6c6136ca 83132->83134 84014 6c60b810 43 API calls 83133->84014 84015 6c60b390 43 API calls 2 library calls 83134->84015 83137 6c6136b9 83138 6c613705 
83137->83138 83139 6c6136ed 83137->83139 84017 6c60b390 43 API calls 2 library calls 83138->84017 84016 6c60b810 43 API calls 83139->84016 83142 6c6136f4 83143 6c613740 83142->83143 83144 6c613728 83142->83144 84019 6c60b390 43 API calls 2 library calls 83143->84019 84018 6c60b810 43 API calls 83144->84018 83147 6c61372f 83148 6c613773 83147->83148 83149 6c613763 83147->83149 84021 6c60b390 43 API calls 2 library calls 83148->84021 84020 6c60b810 43 API calls 83149->84020 83152 6c61376a 83153 6c6168b0 102 API calls 83152->83153 83154 6c61378b 83153->83154 83155 6c613990 83154->83155 83156 6c6137a8 83154->83156 83157 6c606f50 43 API calls 83155->83157 83879 6c608dd0 83156->83879 83159 6c613995 83157->83159 83161 6c606f50 43 API calls 83159->83161 83160 6c6137c8 83162 6c614440 43 API calls 83160->83162 83163 6c61399a 83161->83163 83164 6c6137de 83162->83164 83165 6c6168b0 102 API calls 83163->83165 83193 6c613b19 error_info_injector 83163->83193 83167 6c6075b0 41 API calls 83164->83167 83168 6c6139e3 83165->83168 83166 6c62f80f codecvt 5 API calls 83170 6c613b4e 83166->83170 83169 6c6137fe 83167->83169 83939 6c613b60 83168->83939 83172 6c619f60 44 API calls 83169->83172 83170->82837 83174 6c61380a 83172->83174 83176 6c612750 43 API calls 83174->83176 83178 6c61381a 83176->83178 83179 6c6075b0 41 API calls 83178->83179 83180 6c613826 83179->83180 83182 6c619f60 44 API calls 83180->83182 83184 6c613832 83182->83184 83186 6c614aa0 55 API calls 83184->83186 83187 6c613842 83186->83187 83188 6c6075b0 41 API calls 83187->83188 83189 6c61384e 83188->83189 83189->83159 83190 6c613863 83189->83190 83194 6c608dd0 43 API calls 83190->83194 83193->83166 83196 6c613883 83194->83196 83892 6c614c50 83196->83892 83200 6c6075b0 41 API calls 83213 6c6138b2 83200->83213 83201 6c613931 83909 6c6151a0 83201->83909 83205 6c6063d0 43 API calls 83205->83213 83212->83126 83213->83201 83213->83205 83214 6c6075b0 41 API calls 83213->83214 84022 6c614580 41 API calls error_info_injector 
85106->85107 85108 6c6075b0 41 API calls 85107->85108 85109 6c605946 85108->85109 85143 6c605f40 85109->85143 85111 6c605950 85112 6c605964 85111->85112 85114 6c6075b0 41 API calls 85111->85114 85113 6c6075b0 41 API calls 85112->85113 85115 6c60599c 85113->85115 85114->85112 85116 6c62f80f codecvt 5 API calls 85115->85116 85117 6c6059b5 85116->85117 85117->85072 85163 6c605b60 85119->85163 85122 6c605d00 85124 6c605d20 85122->85124 85128 6c605d85 85122->85128 85123 6c605c8b 85125 6c606f60 43 API calls 85123->85125 85127 6c606f60 43 API calls 85124->85127 85126 6c605cc0 85125->85126 85130 6c634b6f 41 API calls 85126->85130 85131 6c605cf9 error_info_injector 85126->85131 85127->85126 85170 6c6059c0 47 API calls 2 library calls 85128->85170 85132 6c605df7 85130->85132 85131->85103 85134 6c605e88 85133->85134 85135 6c605ead 85133->85135 85136 6c606f60 43 API calls 85134->85136 85173 6c606600 45 API calls _swprintf 85135->85173 85138 6c605eab 85136->85138 85140 6c62f80f codecvt 5 API calls 85138->85140 85139 6c605ebe 85142 6c606f60 43 API calls 85139->85142 85141 6c60592b 85140->85141 85141->85106 85142->85138 85144 6c605f94 85143->85144 85174 6c617460 43 API calls 85144->85174 85146 6c605fa5 codecvt 85175 6c619690 5 API calls codecvt 85146->85175 85149 6c606f60 43 API calls 85151 6c606049 error_info_injector 85149->85151 85150 6c606510 43 API calls 85150->85151 85151->85149 85151->85150 85152 6c606191 85151->85152 85154 6c606207 85151->85154 85176 6c606600 45 API calls _swprintf 85151->85176 85177 6c606ec0 41 API calls error_info_injector 85152->85177 85156 6c634b6f 41 API calls 85154->85156 85155 6c6061ea 85157 6c62f80f codecvt 5 API calls 85155->85157 85159 6c60620c 85156->85159 85158 6c606203 85157->85158 85158->85111 85160 6c606258 error_info_injector 85159->85160 85161 6c634b6f 41 API calls 85159->85161 85160->85111 85162 6c60628d 85161->85162 85164 6c605b88 85163->85164 85168 6c605b80 codecvt 85163->85168 85164->85168 85171 6c606820 43 API calls 2 library calls 
85164->85171 85165 6c605bc4 GetAdaptersInfo 85167 6c605c17 85165->85167 85165->85168 85167->85122 85167->85123 85168->85165 85172 6c606820 43 API calls 2 library calls 85168->85172 85170->85126 85171->85168 85172->85168 85173->85139 85174->85146 85175->85151 85176->85151 85177->85155 85178 d59020 85179 d59065 85178->85179 85180 d5904f 85178->85180 85181 c09cc0 43 API calls 85179->85181 85182 d5906a 85181->85182 85183 d59074 85182->85183 85184 d59172 85182->85184 85206 c08d40 62 API calls 85183->85206 85185 c09980 2 API calls 85184->85185 85186 d5917c 85185->85186 85188 c09cc0 43 API calls 85186->85188 85201 d591b5 ___crtLCMapStringW 85188->85201 85189 d59099 85194 d59108 85189->85194 85196 d5910c 85189->85196 85190 d59369 85191 c09980 2 API calls 85190->85191 85192 d59373 85191->85192 85193 c09980 2 API calls 85192->85193 85195 d5937d 85193->85195 85207 d59380 88 API calls 6 library calls 85196->85207 85198 d59118 85198->85194 85199 c09cc0 43 API calls 85199->85201 85200 c09790 35 API calls 85200->85201 85201->85190 85201->85192 85201->85199 85201->85200 85203 d59302 85201->85203 85204 d59312 85201->85204 85208 c14010 85201->85208 85203->85204 85205 c211a0 35 API calls 85203->85205 85205->85204 85206->85189 85207->85198 85209 c14091 85208->85209 85212 c14038 85208->85212 85210 c09980 2 API calls 85209->85210 85211 c1409b 85210->85211 85212->85201 85213 d6f220 85232 d6f900 85213->85232 85215 d6f266 WaitForSingleObject 85216 d6f282 ResetEvent 85215->85216 85228 d6f27b std::ios_base::_Ios_base_dtor 85215->85228 85217 db46d9 std::_Facet_Register 2 API calls 85216->85217 85218 d6f290 85217->85218 85219 c06610 34 API calls 85218->85219 85220 d6f2b3 85219->85220 85221 c06610 34 API calls 85220->85221 85223 d6f2c2 std::ios_base::_Ios_base_dtor 85221->85223 85222 d6f3cb std::ios_base::_Ios_base_dtor 85224 db46d9 std::_Facet_Register 2 API calls 85222->85224 85223->85222 85225 d6f462 85223->85225 85226 d6f407 CreateThread 85224->85226 85227 db9b1f std::_Throw_Cpp_error 34 
API calls 85225->85227 85226->85228 85257 c3aea0 85226->85257 85229 d6f467 85227->85229 85255 d74fd0 34 API calls 3 library calls 85229->85255 85231 d6f481 85233 c07160 34 API calls 85232->85233 85234 d6f964 85233->85234 85235 c07050 34 API calls 85234->85235 85236 d6f980 85235->85236 85237 c07050 34 API calls 85236->85237 85238 d6f98f 85237->85238 85256 d78a80 35 API calls 85238->85256 85240 d6f99a OpenEventW 85241 d6f9d3 85240->85241 85242 d6f9ba CreateEventW 85240->85242 85243 c078a0 34 API calls 85241->85243 85242->85241 85244 d6f9df 85243->85244 85245 d6fa12 std::ios_base::_Ios_base_dtor 85244->85245 85247 d6fa4e 85244->85247 85246 db469a _ValidateLocalCookies 5 API calls 85245->85246 85248 d6fa48 85246->85248 85249 db9b1f std::_Throw_Cpp_error 34 API calls 85247->85249 85248->85215 85250 d6fa53 85249->85250 85251 d6faab std::ios_base::_Ios_base_dtor 85250->85251 85252 c078a0 34 API calls 85250->85252 85251->85215 85253 d6fa9c 85252->85253 85254 c078a0 34 API calls 85253->85254 85254->85251 85255->85231 85256->85240 85258 c3aeb3 std::ios_base::_Ios_base_dtor 85257->85258 85263 db62bd 85258->85263 85261 c3aedb 85262 c3aec9 SetUnhandledExceptionFilter 85262->85261 85264 db62f5 __set_se_translator 44 API calls 85263->85264 85265 db62c6 85264->85265 85266 db62f5 __set_se_translator 44 API calls 85265->85266 85267 c3aebd 85266->85267 85267->85261 85267->85262 85268 c1845b 85269 c18466 CallWindowProcW 85268->85269 85270 c1847c GetWindowLongW CallWindowProcW 85268->85270 85273 c184cb 85269->85273 85271 c184b0 GetWindowLongW 85270->85271 85270->85273 85272 c184bd SetWindowLongW 85271->85272 85271->85273 85272->85273

Control-flow Graph

[Control-flow graph figure, starting at block d581c0; legend: Executed / Not Executed]
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetUserNameW.ADVAPI32(00000000,?), ref: 00D5824E
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D58254
                                                                                                                                                                        • GetUserNameW.ADVAPI32(00000000,?), ref: 00D5829C
                                                                                                                                                                        • GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000), ref: 00D582D2
                                                                                                                                                                        • GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000,00000000,00000000), ref: 00D5831C
                                                                                                                                                                        • RegDeleteValueW.KERNEL32(?,?,00000000,80000001,00000001,00000000,6C34C19C,00000000,?), ref: 00D58515
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,6C34C19C,00000000,?), ref: 00D5854B
                                                                                                                                                                        • RegQueryInfoKeyW.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00D586A0
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,6C34C19C,00000000), ref: 00D586E2
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,6C34C19C,00000000), ref: 00D58727
                                                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 00D58749
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000,80000001,00000001,00000000,6C34C19C,00000000), ref: 00D58785
                                                                                                                                                                        • RegDeleteValueW.KERNEL32(?,?,00000000,80000001,00000001,00000000,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000031,?,00000000,80000001,00000001,00000000,6C34C19C,00000000), ref: 00D5888A
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,00000000,80000001,00000001,00000000,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000031,?,00000000,80000001,00000001,00000000,6C34C19C,00000000), ref: 00D588CC
                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$Delete$EnvironmentNameUserValueVariable$ErrorInfoLastQuery
                                                                                                                                                                        • String ID: Software$Software\Microsoft\Windows\CurrentVersion\RunOnce$UserDomain
                                                                                                                                                                        • API String ID: 1615433478-4079418357
                                                                                                                                                                        • Opcode ID: a528ef3623f6810e103f6d54ca9290d28b1b60d6fc57b4259b9cd2a59b1d27fb
                                                                                                                                                                        • Instruction ID: 047ddcb353cff5477c6d498b1f70f82185673d196b1f368a64cfc9f51f779d7d
                                                                                                                                                                        • Opcode Fuzzy Hash: a528ef3623f6810e103f6d54ca9290d28b1b60d6fc57b4259b9cd2a59b1d27fb
                                                                                                                                                                        • Instruction Fuzzy Hash: B1224970900248DBEF14DFA4CC99BEEBBB4FF14305F244158E845B7291DB746A89DBA1
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • GetTickCount.KERNEL32 ref: 00D34D24
                                                                                                                                                                        • __Xtime_get_ticks.LIBCPMT ref: 00D34D2C
                                                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D34D76
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D34F64
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?), ref: 00D3517A
                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,00000008,00000000,?,?,?), ref: 00D35187
                                                                                                                                                                        • GetTokenInformation.KERNELBASE(00000000,00000014(TokenIntegrityLevel),?,00000004,?,?,?,?), ref: 00D351A7
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?), ref: 00D351D2
                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footerProcess$Token$CloseCountCurrentHandleHeapInformationOpenTickUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                        • String ID: /uninstall$VersionString$\/:*?"<>|$\\?\
                                                                                                                                                                        • API String ID: 3363527671-654522458
                                                                                                                                                                        • Opcode ID: b5d36918d3cad0a73efa67856ff86e4846f403c071d00014ba94555310a05230
                                                                                                                                                                        • Instruction ID: 3d1b39cdb72a47e58e870e9fb1e5b211a7891f3fc8c01bab2ee92fc347f12c18
                                                                                                                                                                        • Opcode Fuzzy Hash: b5d36918d3cad0a73efa67856ff86e4846f403c071d00014ba94555310a05230
                                                                                                                                                                        • Instruction Fuzzy Hash: 5BB2C271A01609DFDB14DFA8D848BAEFBB4FF44314F188259E415AB2D1DB74AD05CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00C209BF
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(?,*.*,00000000), ref: 00C20A77
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,*.*,00000000), ref: 00C20BCC
                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000000,00000000,00000000), ref: 00C20BE6
                                                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000000,?,00000000), ref: 00C20C19
                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00C20C88
                                                                                                                                                                        • SetLastError.KERNEL32(0000007B), ref: 00C20C96
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00C20CEC
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00C20D0C
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(?,?,6C34C19C), ref: 00C20EE3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path$Find$CloseFullName_wcsrchr$ErrorFileFirstLast
                                                                                                                                                                        • String ID: *.*$\\?\$\\?\UNC\
                                                                                                                                                                        • API String ID: 1241272779-1700010636
                                                                                                                                                                        • Opcode ID: 389681c140e30c92f3108e266b46813f6fccde132b6e2ea42e43dbd2183e8105
                                                                                                                                                                        • Instruction ID: b9fc50a812fce18ba02f7faa32781866041f065931a5bd4b0c377d1851f84f2d
                                                                                                                                                                        • Opcode Fuzzy Hash: 389681c140e30c92f3108e266b46813f6fccde132b6e2ea42e43dbd2183e8105
                                                                                                                                                                        • Instruction Fuzzy Hash: 90423370600615DFDB14DF68D889BAEF7B5FF50314F24422EE825DB292EB71AA44CB90

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,?,6C698D6C,?), ref: 6C61D0CF
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(?,*.*,?,6C698D6C), ref: 6C61D17F
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,*.*,?,6C698D6C), ref: 6C61D323
                                                                                                                                                                        • GetFullPathNameW.KERNEL32(00000000,00000000,00000000,00000000,?,6C698D6C), ref: 6C61D33D
                                                                                                                                                                        • GetFullPathNameW.KERNEL32(00000000,00000000,?,00000000,?,6C698D6C), ref: 6C61D370
                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,?,?,?,?,6C698D6C), ref: 6C61D3E1
                                                                                                                                                                        • SetLastError.KERNEL32(0000007B,?,?,?,?,?,6C698D6C), ref: 6C61D3EB
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 6C61D441
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 6C61D461
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FindPath$CloseFullName_wcsrchr$ErrorFileFirstLast
                                                                                                                                                                        • String ID: *.*$\\?\$\\?\UNC\
                                                                                                                                                                        • API String ID: 726989864-1700010636
                                                                                                                                                                        • Opcode ID: e08339c3a32f3768fb0bbb620b2bfdf7f3a7e1825a0f0f85b969e3e523c939df
                                                                                                                                                                        • Instruction ID: 8af6134b7d148b696a97425420d1e9d0d04abe5aef76fb91e9d348ceda1fb962
                                                                                                                                                                        • Opcode Fuzzy Hash: e08339c3a32f3768fb0bbb620b2bfdf7f3a7e1825a0f0f85b969e3e523c939df
                                                                                                                                                                        • Instruction Fuzzy Hash: 28E1F530609601DFDB06CF6DC844BAEB7B1FF4232AF144668E9259BB90DB35E905CB58
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: #118#125#171Heap$#103AllocProcess
                                                                                                                                                                        • String ID: -> $Action ended$Crash >> $Error: $Exception >> $Info 1720$Lifecycle: $Track screen: [$W$Warning: $fatal error$success$user abort
                                                                                                                                                                        • API String ID: 196527699-1454030630
                                                                                                                                                                        • Opcode ID: b1efef516590cf5d8407c27dbb676179738259fbf49c8662289a4d2f8ace4153
                                                                                                                                                                        • Instruction ID: 2ef5307574c68f705b077e578dd797882201782168b3a63740c1304ff747c976
                                                                                                                                                                        • Opcode Fuzzy Hash: b1efef516590cf5d8407c27dbb676179738259fbf49c8662289a4d2f8ace4153
                                                                                                                                                                        • Instruction Fuzzy Hash: 9AB2F370F01244DFDB08CFA8CA44BDEBBB1AF4A318F148259D411BB791DB759A09CB99
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$HeapProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 275895251-0
                                                                                                                                                                        • Opcode ID: 382fbfa871dd5416712c69c2d8d55c77682ea3c1b0ab678fad8093ae7da44624
                                                                                                                                                                        • Instruction ID: 81538cdd2c2a9ca4a3598d17e1e8bfc7a5993c858667f06825426ceccbd22e2e
                                                                                                                                                                        • Opcode Fuzzy Hash: 382fbfa871dd5416712c69c2d8d55c77682ea3c1b0ab678fad8093ae7da44624
                                                                                                                                                                        • Instruction Fuzzy Hash: FA72A170901649DFDB14DFA8C884B9EBBF0FF45314F188299E515AB292DB74AD48CFA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNEL32(ComCtl32.dll,6C34C19C,?,?,00000000), ref: 00D1E77E
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00D1E7A1
                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,?), ref: 00D1E801
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00D1E81F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad$AddressFreeImageProc
                                                                                                                                                                        • String ID: ComCtl32.dll$LoadIconMetric
                                                                                                                                                                        • API String ID: 1597520822-764666640
                                                                                                                                                                        • Opcode ID: 0cbcf39c2f857d8a5991b717a80d9cbf1d5243057c290079edb0cf7a6b81eb6c
                                                                                                                                                                        • Instruction ID: 46392af0026aa5024cb750765a12df0ba261ae3d00b1eaa09b74f17e01ce10f9
                                                                                                                                                                        • Opcode Fuzzy Hash: 0cbcf39c2f857d8a5991b717a80d9cbf1d5243057c290079edb0cf7a6b81eb6c
                                                                                                                                                                        • Instruction Fuzzy Hash: 573180B1A00259ABDF148F95DC48BAEBFF8EB48750F00022AF915A3280D7B58944CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00D4B93A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DiskFreeSpace
                                                                                                                                                                        • String ID: \$\$\
                                                                                                                                                                        • API String ID: 1705453755-3791832595
                                                                                                                                                                        • Opcode ID: 2d8aee8d7cd569ff03a60fecb5e71b89e8e0e23bb1768eb16926b0f2afe677cc
                                                                                                                                                                        • Instruction ID: da6b3452e96001e6ce2be2e37506c4ec1faa012aeb37678b4d7a880525bf57bb
                                                                                                                                                                        • Opcode Fuzzy Hash: 2d8aee8d7cd569ff03a60fecb5e71b89e8e0e23bb1768eb16926b0f2afe677cc
                                                                                                                                                                        • Instruction Fuzzy Hash: 5941D462D14355CBCB30DF2484416ABB7F4FFA9364F194A2FE9C897040E360CD858BA6
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,F1829F80), ref: 6C627906
                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,?), ref: 6C62793E
                                                                                                                                                                          • Part of subcall function 6C607F30: HeapAlloc.KERNEL32(00000000,00000000,?,F1829F80,00000000,6C64ED80,000000FF,?,?,6C68D24C,?,6C6281AD,80004005), ref: 6C607F7A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$AllocCloseFileFirstHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2507753907-0
                                                                                                                                                                        • Opcode ID: f95b242dfc8c0dd84cc7467abb1715adff23f2fd88837840b3a7540ba6e7b255
                                                                                                                                                                        • Instruction ID: 3acdf572e9b36fe236726a3fc4f547eb2afe28b7bbf562dcdca6e6aa8eee6ca8
                                                                                                                                                                        • Opcode Fuzzy Hash: f95b242dfc8c0dd84cc7467abb1715adff23f2fd88837840b3a7540ba6e7b255
                                                                                                                                                                        • Instruction Fuzzy Hash: CA31F371C05318CADF24DF65C849BA9B7B4EF02324F10479AD829A3AD0D7385944CF8A
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00CD7A51
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000000,00E10D6D,000000FF), ref: 00CD7B24
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$DirectoryFindHeapLibraryLoadProcessResourceSystem
                                                                                                                                                                        • String ID: UxTheme.dll
                                                                                                                                                                        • API String ID: 2586271605-352951104
                                                                                                                                                                        • Opcode ID: 4ef5b595bd012b0cc6185b1401549b170d9a883f239d0ab0fd32cb68312b48ee
                                                                                                                                                                        • Instruction ID: 8fe6b3b900fbc88747903efb6a431a156964f858fc293600a4876c89e7ea5c19
                                                                                                                                                                        • Opcode Fuzzy Hash: 4ef5b595bd012b0cc6185b1401549b170d9a883f239d0ab0fd32cb68312b48ee
                                                                                                                                                                        • Instruction Fuzzy Hash: 10A17AB0504645EFE714CF24C858B9ABBF0FF04318F14865ED9299B781E7B6A618DF90
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00D435FE,?,?,?,?,?,?), ref: 00DB424A
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?), ref: 00DB4251
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 00DB4297
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,?,?), ref: 00DB429E
                                                                                                                                                                          • Part of subcall function 00DB40E3: GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4107
                                                                                                                                                                          • Part of subcall function 00DB40E3: HeapAlloc.KERNEL32(00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB410E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$Process$Alloc$Free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1864747095-0
                                                                                                                                                                        • Opcode ID: 00dec2014157ef44680e7d89770a1b761ba25b24244e66b9e016bab30ebd3247
                                                                                                                                                                        • Instruction ID: eefb7dacd29b8a1b50d220758d2b1a36b8e29e07124765657be898c05289cbb9
                                                                                                                                                                        • Opcode Fuzzy Hash: 00dec2014157ef44680e7d89770a1b761ba25b24244e66b9e016bab30ebd3247
                                                                                                                                                                        • Instruction Fuzzy Hash: B1F0BB32A44712DBCB64ABB97C0DAAF3E649F85751B154018F597D6142DF70C8059F70
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,?), ref: 00D1B24D
                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00D1B2AC
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1673784098-0
                                                                                                                                                                        • Opcode ID: d0058df562a716862a631637cf3464224c049273c337c6fd37f2e5e3cffbe2e7
                                                                                                                                                                        • Instruction ID: 0b549afe84f6797f08362206b496853d984c0e2b175460a7f833aa25954c8d01
                                                                                                                                                                        • Opcode Fuzzy Hash: d0058df562a716862a631637cf3464224c049273c337c6fd37f2e5e3cffbe2e7
                                                                                                                                                                        • Instruction Fuzzy Hash: C331B270904618EFDB24DF55E849BEEB7B4EB45324F20416EE819A3380DB715988CBA4
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateNamedPipeW.KERNEL32(?,00000003,00000006,000000FF,00007F90,00007F90,00001388,00000000,?,6C34C19C,6C34C19C,?,?,?,?,00000000), ref: 00D59949
                                                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,?,6C34C19C,6C34C19C,?,?,?,?,00000000,00E283A5), ref: 00D5996A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Create$FileNamedPipe
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1328467360-0
                                                                                                                                                                        • Opcode ID: 41ba8da915f466a7455b25c881df75a6c4d9be7f77e139f51bde0e7bb5f63813
                                                                                                                                                                        • Instruction ID: ebfc07ef428535f5a90bc70718bc39f55ba15d6aac8f0a3678fb1ac4aa1ed7b9
                                                                                                                                                                        • Opcode Fuzzy Hash: 41ba8da915f466a7455b25c881df75a6c4d9be7f77e139f51bde0e7bb5f63813
                                                                                                                                                                        • Instruction Fuzzy Hash: 66312531A88745AFE720CF24CC05B99FFA4EB01720F10826EFDA5A76D0CB71A944CB50
                                                                                                                                                                        APIs
                                                                                                                                                                        • __set_se_translator.LIBVCRUNTIME ref: 00C3AEB8
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00D1A060), ref: 00C3AECE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2480343447-0
                                                                                                                                                                        • Opcode ID: b47763b365776090f883adafad9028d1fe50d378897bbfb82ab481a1648acc30
                                                                                                                                                                        • Instruction ID: b33ec9586e2fed049dbc15cddadbc399e6f9704c1002824de71724deeb6d0b43
                                                                                                                                                                        • Opcode Fuzzy Hash: b47763b365776090f883adafad9028d1fe50d378897bbfb82ab481a1648acc30
                                                                                                                                                                        • Instruction Fuzzy Hash: 89E02622941200BECB109751AC0EF8A3FA0FB96721F094054F10533152C770844ED372
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetAdaptersInfo.IPHLPAPI(00000000,6C605C87), ref: 6C605BCB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AdaptersInfo
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3177971545-0
                                                                                                                                                                        • Opcode ID: e1eb2aa8d37208113c55f46761ee24c5e6963d44d847c11455c7aa5b069b853d
                                                                                                                                                                        • Instruction ID: 630513bd76c3ea0269529534c44c762f6413629125b69ca7911a338cd2e58455
                                                                                                                                                                        • Opcode Fuzzy Hash: e1eb2aa8d37208113c55f46761ee24c5e6963d44d847c11455c7aa5b069b853d
                                                                                                                                                                        • Instruction Fuzzy Hash: 0C21D7713052015FD71CCE28CAA496AB7E9FB85304F448A3EE046A7A80EFB0F904875C
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D20100: __Init_thread_footer.LIBCMT ref: 00D201E0
                                                                                                                                                                        • CoCreateInstance.COMBASE(00E442C8,00000000,00000001,00E60CEC,000000B0), ref: 00D63EFE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateInit_thread_footerInstance
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3436645735-0
                                                                                                                                                                        • Opcode ID: 63f37ba85131630e7c3d2625a04a89057b55f07ee540b3951b937019ee7b43da
                                                                                                                                                                        • Instruction ID: dac43fb91a9e74aa394db4c50118ebfe73abebbe506e10130319ac6db02ebec6
                                                                                                                                                                        • Opcode Fuzzy Hash: 63f37ba85131630e7c3d2625a04a89057b55f07ee540b3951b937019ee7b43da
                                                                                                                                                                        • Instruction Fuzzy Hash: C111ADB1604740AFD720CF59E805B8AFBF8EB05B10F10465EF861AB7C0C7B66504CBA0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$CreateHeapInstanceProcess
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3807588171-0
                                                                                                                                                                        • Opcode ID: e0f160ab5497799ccd260401e97c4f7e258cdf4f8acb0bef14e34457a1bea241
                                                                                                                                                                        • Instruction ID: 16d6038e0ea78d578b51995b46af445c5f9b0183c2cca13aed32c9f1ec376d25
                                                                                                                                                                        • Opcode Fuzzy Hash: e0f160ab5497799ccd260401e97c4f7e258cdf4f8acb0bef14e34457a1bea241
                                                                                                                                                                        • Instruction Fuzzy Hash: 896147B0501744CFEB10CF69C54838ABFE0FF45318F148A9DD98A9B782D7B9A609DB91

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00D02F6A
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,?), ref: 00D02FAC
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetSearchPathMode), ref: 00D02FF4
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDllDirectory), ref: 00D0304C
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D0305C
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00D030A4
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D03004
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D030B4
                                                                                                                                                                          • Part of subcall function 00CD7A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00CD7A51
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$AddressProc$CriticalSection$ConditionDirectoryEnterFileHandleHeapLeaveModuleMoveProcessSystemVariableWake
                                                                                                                                                                        • String ID: @echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try del "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" :try rd "%s" if exist "%s" goto try%%SystemRoot%%\System32\attrib.exe -r "%s" del "%s" | cls$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1rd "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$@echo off %%SystemRoot%%\System32\attrib.exe -r "%s" SET count=0 :try %%SystemRoot%%\System32\timeout.exe 5 SET /a count=%%count%%+1del "%s" if %%count%% GTR %lu goto breakif exist "%s" goto try:break %%SystemRoot%%\System32\attrib.exe -r "$SetDefaultDllDirectories$SetDllDirectory$SetSearchPathMode$USP10.dll$WindowsCodecs.dll$advapi32.dll$apphelp.dll$bcrypt.dll$cabinet.dll$comctl32.dll$comdlg32.dll$crypt32.dll$cryptsp.dll$davhlpr.dll$dbghelp.dll$dwmapi.dll$gdi32.dll$gdiplus.dll$kernel32$kernel32.dll$lpk.dll$mpr.dll$msasn1.dll$msi.dll$msihnd.dll$msimg32.dll$msls31.dll$netapi32.dll$netutils.dll$ole32.dll$oleaut32.dll$profapi.dll$propsys.dll$psapi.dll$rsaenh.dll$samcli.dll$secur32.dll$setupapi.dll$shcore.dll$shell32.dll$shlwapi.dll$srvcli.dll$urlmon.dll$user32.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wininet.dll$wintrust.dll$wkscli.dll$ws2_32.dll
                                                                                                                                                                        • API String ID: 3437638698-2006426916
                                                                                                                                                                        • Opcode ID: 73d4026b611562fb791050880bfdd2b9f38cfcf9efe1713d7416cba5db724c51
                                                                                                                                                                        • Instruction ID: 35288005faed0a7d6043293dac09aef0bfefae5e8508f46a8c9b1078fc33f998
                                                                                                                                                                        • Opcode Fuzzy Hash: 73d4026b611562fb791050880bfdd2b9f38cfcf9efe1713d7416cba5db724c51
                                                                                                                                                                        • Instruction Fuzzy Hash: ADE18DB0900249DFDF24CF64C84ABDEBBA4FF85315F045519EC18AB282D7B19A0DCB61

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 75 d20410-d20486 RegOpenKeyExW 77 d207a6-d207bf 75->77 78 d2048c-d204ed RegQueryValueExW * 2 75->78 79 d207d2-d207eb call db469a 77->79 80 d207c1-d207c8 RegCloseKey 77->80 81 d2054b-d2058c RegQueryValueExW 78->81 82 d204ef-d20521 RegQueryValueExW 78->82 80->79 85 d205b5 81->85 86 d2058e-d205b3 call d25da0 81->86 82->81 84 d20523-d2052b 82->84 84->84 89 d2052d-d20530 84->89 87 d205ba-d205c1 85->87 86->87 91 d205c3-d205c8 87->91 92 d2062d-d20658 RegQueryValueExW 87->92 89->81 93 d20532-d20545 89->93 91->92 95 d205ca-d20609 RegQueryValueExW call dbfa5a 91->95 96 d2065a-d2067a call d25da0 92->96 97 d2067f-d206aa RegQueryValueExW 92->97 93->81 111 d20623 95->111 112 d2060b-d20621 call dbfa5a 95->112 96->97 100 d2070a-d2071d 97->100 101 d206ac-d206bb 97->101 105 d20766-d2076e 100->105 106 d2071f-d20733 call db4ba2 100->106 102 d206df-d206ed 101->102 103 d206bd-d206c8 101->103 109 d206fa-d20705 102->109 110 d206ef 102->110 108 d206d0-d206dd 103->108 114 d20770-d2078c GetCurrentProcess IsWow64Process 105->114 115 d2079a 105->115 106->105 123 d20735-d20763 GetModuleHandleW GetProcAddress call db4b58 106->123 108->102 108->108 109->100 117 d206f0-d206f8 110->117 111->92 112->92 112->111 114->115 120 d2078e-d20798 114->120 116 d2079c-d207a1 call d207f0 115->116 116->77 117->109 117->117 120->116 123->105
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00D2047E
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00D204C5
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00D204E4
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00D20513
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00D20588
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,BuildBranch,00000000,00000000,?,?), ref: 00D205F1
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,ReleaseId,00000000,00000000,?,?), ref: 00D20654
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,CSDVersion,00000000,00000000,?,?), ref: 00D206A6
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 00D20743
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00D2074A
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D2075E
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?), ref: 00D20781
                                                                                                                                                                        • IsWow64Process.KERNEL32(00000000), ref: 00D20788
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00D207C2
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$Process$AddressCloseCurrentHandleInit_thread_footerModuleOpenProcWow64
                                                                                                                                                                        • String ID: BuildBranch$CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$co_release$kernel32$rs_prerelease

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C62638A
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,CurrentMajorVersionNumber,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C6263BF
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,CurrentMinorVersionNumber,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C6263D5
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,CurrentVersion,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C6263FB
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,CurrentBuildNumber,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C626464
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,BuildBranch,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C6264BD
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,ReleaseId,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C626514
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,CSDVersion,00000000,00000000,?,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C626553
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process,?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C6265EE
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 6C6265F5
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C626626
                                                                                                                                                                        • IsWow64Process.KERNEL32(00000000,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C62662D
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000000,6C661349,000000FF), ref: 6C62665E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$Process$AddressCloseCurrentHandleModuleOpenProcWow64
                                                                                                                                                                        • String ID: BuildBranch$CSDVersion$CurrentBuildNumber$CurrentMajorVersionNumber$CurrentMinorVersionNumber$CurrentVersion$IsWow64Process$ReleaseId$Software\Microsoft\Windows NT\CurrentVersion$co_release$kernel32$rs_prerelease

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,?,?,?,00000000,6C66138D,000000FF), ref: 6C6266FC
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,ProductType,00000000,00000000,?,?,?,?,00000000,6C66138D,000000FF), ref: 6C62672E
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(?,ProductSuite,00000000,00000000,?,?,?,?,00000000,6C66138D,000000FF), ref: 6C62679D
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,?,00000000,6C66138D,000000FF), ref: 6C626968
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$CloseOpen
                                                                                                                                                                        • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT

                                                                                                                                                                        APIs
                                                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000002,SYSTEM\CurrentControlSet\Control\ProductOptions,00000000,00020119,00000000), ref: 00D20860
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,ProductType,00000000,00000000,?), ref: 00D2089B
                                                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,ProductSuite,00000000,00000000,?,?), ref: 00D20916
                                                                                                                                                                        • RegCloseKey.KERNEL32(00000000), ref: 00D20AEE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: QueryValue$CloseOpen
                                                                                                                                                                        • String ID: BackOffice$Blade$CommunicationServer$Compute Server$DataCenter$Embedded(Restricted)$EmbeddedNT$Enterprise$Personal$ProductSuite$ProductType$SYSTEM\CurrentControlSet\Control\ProductOptions$Security Appliance$ServerNT$Small Business$Small Business(Restricted)$Storage Server$Terminal Server$WinNT
                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?,SystemFolder,0000000C,?,?,?), ref: 00D30075
                                                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00D30170
                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(?,00000104,WindowsFolder,0000000D,?,?,?), ref: 00D30270
                                                                                                                                                                        • GetWindowsDirectoryW.KERNEL32(?,00000104,WindowsVolume,0000000D,?,?,?), ref: 00D30355
                                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?,WindowsVolume,0000000D,?,?,?), ref: 00D303CB
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,WindowsVolume,0000000D,?,?,?), ref: 00D30454
                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,?,WindowsVolume,0000000D,?,?,?), ref: 00D30532
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D305A6
                                                                                                                                                                        • LoadLibraryW.KERNEL32(shfolder.dll,?,?,?), ref: 00D305BC
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00D305EE
                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00D3065C
                                                                                                                                                                        • SHGetMalloc.SHELL32(00000000), ref: 00D30675
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DirectoryPath$FolderWindows$AddressAllocateFileFromHeapInit_thread_footerLibraryListLoadLocationMallocModuleNameProcSpecialSystemTemp
                                                                                                                                                                        • String ID: ProgramFiles64Folder$ProgramW6432$SETUPEXEDIR$SHGetFolderPathW$System32Folder$SystemFolder$TempFolder$WindowsFolder$WindowsVolume$shfolder.dll
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00D3652E
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00D36558
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharInit_thread_footerMultiWide$FindHeapProcessResource
                                                                                                                                                                        • String ID: %hu$A valid language was received from commnad line. This is:$AI_BOOTSTRAPPERLANGS$Advinst_Extract_$Code returned to Windows by setup:$Language of a related product is:$Language selected programatically for UI:$Language used for UI:$Languages of setup:$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$Software\Caphyon\Advanced Installer\
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetActiveWindow.USER32 ref: 00D36300
                                                                                                                                                                        • SetLastError.KERNEL32(0000000E), ref: 00D3631D
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D36335
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC957C), ref: 00D36352
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC957C), ref: 00D36375
                                                                                                                                                                        • DialogBoxParamW.USER32(000007D0,00000000,00C76090,00000000), ref: 00D36392
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00D3652E
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 00D36558
                                                                                                                                                                          • Part of subcall function 00D04B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,00000000,00000000,?,?,00EC9384,00D4DA40,?), ref: 00D04B58
                                                                                                                                                                          • Part of subcall function 00D04B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,?,-00000001), ref: 00D04B8A
                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,00000001), ref: 00D366E8
                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 00D36749
                                                                                                                                                                          • Part of subcall function 00D41C20: DeleteFileW.KERNEL32(?,?,?,?,?,00D3676B,?), ref: 00D41C4B
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide$CriticalEventInit_thread_footerSection$ActiveCurrentDeleteDialogEnterErrorFileHeapLastLeaveParamProcessThreadWindow
                                                                                                                                                                        • String ID: v$Advinst_Extract_$Code returned to Windows by setup:

                                                                                                                                                                        APIs
                                                                                                                                                                        • GetActiveWindow.USER32 ref: 00D435CA
                                                                                                                                                                        • SetLastError.KERNEL32(0000000E,?,?,?,?,?,?), ref: 00D43607
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D43692
                                                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 00D4371C
                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00D43726
                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00D43732
                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00D4379F
                                                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00D437A7
                                                                                                                                                                          • Part of subcall function 00D3C1B0: GetDlgItem.USER32(?,00000002), ref: 00D3C1D0
                                                                                                                                                                          • Part of subcall function 00D3C1B0: GetWindowRect.USER32(00000000,?), ref: 00D3C1E6
                                                                                                                                                                          • Part of subcall function 00D3C1B0: ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,00D435EA,?,?,?,?,?,?), ref: 00D3C1FF
                                                                                                                                                                          • Part of subcall function 00D3C1B0: InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,00D435EA,?,?), ref: 00D3C20A
                                                                                                                                                                          • Part of subcall function 00D3C1B0: GetDlgItem.USER32(?,000003E9), ref: 00D3C21C
                                                                                                                                                                          • Part of subcall function 00D3C1B0: GetWindowRect.USER32(00000000,?), ref: 00D3C232
                                                                                                                                                                          • Part of subcall function 00D3C1B0: SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,00D435EA), ref: 00D3C275
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Item$RectText$ActiveCurrentErrorInvalidateLastShowThread
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 127311041-3261393531
                                                                                                                                                                        • Opcode ID: ef0ddad0cd8eb8546c4de4d3b44769fde21fb7654f2a306a4ea7ce3bf6e3868d
                                                                                                                                                                        • Instruction ID: 8132743d12c8497ec5425e851d415141639ac2430b1aeac9e9528e3f61fcdc56
                                                                                                                                                                        • Opcode Fuzzy Hash: ef0ddad0cd8eb8546c4de4d3b44769fde21fb7654f2a306a4ea7ce3bf6e3868d
                                                                                                                                                                        • Instruction Fuzzy Hash: 8A61C2B1901705EFDB11DF69CC48B49BBB4FF04320F148659E995AB2E2C771AA05CFA0

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00000043), ref: 00C3B127
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitializeEmbeddedUI), ref: 00C3B13F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ShutdownEmbeddedUI), ref: 00C3B149
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,EmbeddedUIHandler), ref: 00C3B154
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HeapInit_thread_footer$AllocateLibraryLoadProcess
                                                                                                                                                                        • String ID: build $19.7.1$EmbeddedUIHandler$INAN$InitializeEmbeddedUI$SELECT `Data` FROM `Binary` WHERE `Name` = 'InstallerAnalytics.dll'$ShutdownEmbeddedUI$e09f3004
                                                                                                                                                                        • API String ID: 2564778481-2055252535
                                                                                                                                                                        • Opcode ID: c10cee2c677320dc484a78b2bcdd50aa083164ffcc192b511160dcc8d280cad3
                                                                                                                                                                        • Instruction ID: ae2d32d7be7805e562decff72588035565509ba96846d5232e49990cbc270daa
                                                                                                                                                                        • Opcode Fuzzy Hash: c10cee2c677320dc484a78b2bcdd50aa083164ffcc192b511160dcc8d280cad3
                                                                                                                                                                        • Instruction Fuzzy Hash: B1D19071910209DFDB04DFA8DC55BEEBBB4FF08310F144629E925A72C1EB75AA04CB90

                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNEL32(?,00000000,00D4098B,?,?,?,?,?), ref: 00D5D8E5
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                                                        • String ID: EndExtraction$ExtractAllFiles$GetTotalFilesSize$InitExtraction$tB
                                                                                                                                                                        • API String ID: 1029625771-137316502
                                                                                                                                                                        • Opcode ID: 9bf5bfc7ebae8ae2d6adf403ca1df1695a07460c37747eae4ae0e1cc25e8fecf
                                                                                                                                                                        • Instruction ID: fda6f510a3633db7db0d627e27fe76c72c108184e166c23bf15c62b4bfbb4f7d
                                                                                                                                                                        • Opcode Fuzzy Hash: 9bf5bfc7ebae8ae2d6adf403ca1df1695a07460c37747eae4ae0e1cc25e8fecf
                                                                                                                                                                        • Instruction Fuzzy Hash: 73019E79941725DFCB18AB62EC0DC563FA1F758356305617AEA11B3221CB73480ACF94

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 6C608270: GetProcessHeap.KERNEL32 ref: 6C6082CC
                                                                                                                                                                          • Part of subcall function 6C607730: #17.MSI(00000002,?,00000000,?,F1829F80), ref: 6C6077E2
                                                                                                                                                                          • Part of subcall function 6C607730: #125.MSI(00000000,00000000,[1],?,F1829F80), ref: 6C6077F9
                                                                                                                                                                          • Part of subcall function 6C607730: #125.MSI(00000000,00000001,F1829F80,?,F1829F80), ref: 6C607806
                                                                                                                                                                          • Part of subcall function 6C607730: #103.MSI(00000000,04000000,00000000,?,F1829F80), ref: 6C607818
                                                                                                                                                                          • Part of subcall function 6C607730: #8.MSI(00000000,?,F1829F80), ref: 6C607827
                                                                                                                                                                        • FindNextFileW.KERNELBASE(00000000,?,00000000,?,00000000,*.*,00000003,7FFFFFFE,?,6C698D6C,?), ref: 6C613E67
                                                                                                                                                                        • DeleteFileW.KERNEL32(00000000,?), ref: 6C61408B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: #125File$#103DeleteFindHeapNextProcess
                                                                                                                                                                        • String ID: !$*.*$.$Logging is disabled, discard collected data.$Logging is enabled, sending data ...$session
                                                                                                                                                                        • API String ID: 1195310492-2153466073
                                                                                                                                                                        • Opcode ID: c8c1389a2dfebd9dd4c64dc888ff6f47388adb1962660f5d1663e9ca262d7b2e
                                                                                                                                                                        • Instruction ID: 42163cfb6a33314feec5edd0b6016a12d102dc838cb69e268e454bfa57f7b290
                                                                                                                                                                        • Opcode Fuzzy Hash: c8c1389a2dfebd9dd4c64dc888ff6f47388adb1962660f5d1663e9ca262d7b2e
                                                                                                                                                                        • Instruction Fuzzy Hash: 0DF1D330905248DFDB15CFA8CD54BEEBBB4AF05319F148298D005A7B91EB749B88CF99

                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D03420: GetModuleFileNameW.KERNEL32(00000000,?,00000104,6C34C19C,00000000,?,00E183F6,000000FF), ref: 00D03368
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000001,6C34C19C,?,00000001,?,?,?), ref: 00D035B7
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC9338), ref: 00D035D2
                                                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 00D035F0
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC9338), ref: 00D03639
                                                                                                                                                                        • CoUninitialize.COMBASE ref: 00D03703
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalInit_thread_footerSection$DestroyEnterFileFreeHeapLeaveLibraryModuleNameProcessUninitializeWindow
                                                                                                                                                                        • String ID: v$%s%lu$.local
                                                                                                                                                                        • API String ID: 605930860-1141559199
                                                                                                                                                                        • Opcode ID: 3ddfae29e563be0fb3bb15f5e0269c15d3edbfe72daf3462cd4123a8ee18d40d
                                                                                                                                                                        • Instruction ID: d243e2ba338ff73533402ba8da35a11487a017e32bc7eacbcb84b32eae1e0edd
                                                                                                                                                                        • Opcode Fuzzy Hash: 3ddfae29e563be0fb3bb15f5e0269c15d3edbfe72daf3462cd4123a8ee18d40d
                                                                                                                                                                        • Instruction Fuzzy Hash: EA91D171A01604DFDB20DF69C848B9ABBF8FF44314F18456DE81AAB3D2DB759904CBA1

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 3000 db3fd7-db3fe2 3001 db3ff1-db4008 LoadLibraryExA 3000->3001 3002 db3fe4-db3ff0 DecodePointer 3000->3002 3003 db400a-db401f call db4087 3001->3003 3004 db4082 3001->3004 3003->3004 3008 db4021-db4036 call db4087 3003->3008 3005 db4084-db4086 3004->3005 3008->3004 3011 db4038-db404d call db4087 3008->3011 3011->3004 3014 db404f-db4064 call db4087 3011->3014 3014->3004 3017 db4066-db4080 DecodePointer 3014->3017 3017->3005
                                                                                                                                                                        APIs
                                                                                                                                                                        • DecodePointer.KERNEL32(?,?,?,00DB4376,00EC7F88,?,00000000,?,00D4361C,?,00000000,00000000,?,?), ref: 00DB3FE9
                                                                                                                                                                        • LoadLibraryExA.KERNEL32(atlthunk.dll,00000000,00000800,?,?,?,00DB4376,00EC7F88,?,00000000,?,00D4361C,?,00000000,00000000), ref: 00DB3FFE
                                                                                                                                                                        • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DB407A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DecodePointer$LibraryLoad
                                                                                                                                                                        • String ID: AtlThunk_AllocateData$AtlThunk_DataToCode$AtlThunk_FreeData$AtlThunk_InitData$atlthunk.dll
                                                                                                                                                                        • API String ID: 1423960858-1745123996
                                                                                                                                                                        • Opcode ID: 40d9e38f70b1f4d26084a4e87935253428f5fba516b48ff1666e509fc7329e56
                                                                                                                                                                        • Instruction ID: 74814186bcf5e20cf586ddae2ca6da3a7f3dea9b725dc27772eb14bef01f8c1d
                                                                                                                                                                        • Opcode Fuzzy Hash: 40d9e38f70b1f4d26084a4e87935253428f5fba516b48ff1666e509fc7329e56
                                                                                                                                                                        • Instruction Fuzzy Hash: DA01C431649314AACB51F7159E4BFD63F588F12708F080068FEC677193D7A28E89CAA2

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        control_flow_graph 3018 d24f80-d24fc0 call d20240 3021 d25193-d2519b call d25220 3018->3021 3022 d24fc6-d24fe2 SHGetFolderPathW 3018->3022 3030 d2519f 3021->3030 3023 d24fe4-d24fec 3022->3023 3024 d24fee-d24ffd 3022->3024 3023->3023 3023->3024 3026 d25012-d25023 call d00860 3024->3026 3027 d24fff 3024->3027 3036 d25047-d250a4 call db6bd0 GetTempPathW call db6bd0 GetTempFileNameW 3026->3036 3037 d25025 3026->3037 3029 d25000-d25008 3027->3029 3029->3029 3032 d2500a-d2500c 3029->3032 3033 d251a1-d251bc call db469a 3030->3033 3032->3021 3032->3026 3045 d250a6-d250ac call db4f55 3036->3045 3046 d250af-d250be 3036->3046 3039 d25030-d2503c 3037->3039 3039->3021 3042 d25042-d25045 3039->3042 3042->3036 3042->3039 3045->3046 3048 d250c0-d250c8 3046->3048 3049 d250ca-d250f4 call db4f5a 3046->3049 3048->3048 3048->3049 3053 d25112-d2515e Wow64DisableWow64FsRedirection CopyFileW 3049->3053 3054 d250f6-d250ff 3049->3054 3056 d25160-d25163 call d25220 3053->3056 3057 d25168-d25176 3053->3057 3055 d25101-d25110 3054->3055 3055->3053 3055->3055 3056->3057 3057->3030 3058 d25178-d25188 Wow64RevertWow64FsRedirection 3057->3058 3058->3033 3060 d2518a-d25191 3058->3060 3060->3033
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D20240: __Init_thread_footer.LIBCMT ref: 00D20312
                                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,6C34C19C,00000000,00000000,?), ref: 00D24FD5
                                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 00D25069
                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 00D2509A
                                                                                                                                                                        • Wow64DisableWow64FsRedirection.KERNEL32(?), ref: 00D2512D
                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00D2514F
                                                                                                                                                                        • Wow64RevertWow64FsRedirection.KERNEL32(?), ref: 00D2517E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Wow64$FilePathRedirectionTemp$CopyDisableFolderInit_thread_footerNameRevert
                                                                                                                                                                        • String ID: shim_clone
                                                                                                                                                                        • API String ID: 4264308349-3944563459
                                                                                                                                                                        • Opcode ID: 848d23e17c7171794b180b9f8c2b8fe44525779e0868f9a0dc15eb954a12f70c
                                                                                                                                                                        • Instruction ID: 4da557f727c01c601171a79d533cdd20f445af3e124de5ccf9f629da7ffa2f21
                                                                                                                                                                        • Opcode Fuzzy Hash: 848d23e17c7171794b180b9f8c2b8fe44525779e0868f9a0dc15eb954a12f70c
                                                                                                                                                                        • Instruction Fuzzy Hash: 7C510574A016289EDB25DF24EC05FAAB7F9EF64700F4440A9E809E7181EB759E45CBB0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,F1829F80,00000000,00000000), ref: 6C626FEB
                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00001000,?,00000000,00001000), ref: 6C62705D
                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00001000,00000000,00000000,?,?,00000000), ref: 6C6272EA
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 6C62734B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Read$CloseCreateHandle
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1724936099-0
                                                                                                                                                                        • Opcode ID: bc1a046d1d482dee3316918c4980f7fa68ae4f6688a81bc43a218dbc62f76aa1
                                                                                                                                                                        • Instruction ID: 04abbbe460be8efdc05009069158f9d875c8845ecab4c437bf3c8bf7fb05f8a4
                                                                                                                                                                        • Opcode Fuzzy Hash: bc1a046d1d482dee3316918c4980f7fa68ae4f6688a81bc43a218dbc62f76aa1
                                                                                                                                                                        • Instruction Fuzzy Hash: 87D18E70E053189BDB10CFA5C958BEEBBB5FF45308F24461CE415AB680DB78A948CF99
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D34CA0: GetTickCount.KERNEL32 ref: 00D34D24
                                                                                                                                                                          • Part of subcall function 00D34CA0: __Xtime_get_ticks.LIBCPMT ref: 00D34D2C
                                                                                                                                                                          • Part of subcall function 00D34CA0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D34D76
                                                                                                                                                                          • Part of subcall function 00D581C0: GetUserNameW.ADVAPI32(00000000,?), ref: 00D5824E
                                                                                                                                                                          • Part of subcall function 00D581C0: GetLastError.KERNEL32 ref: 00D58254
                                                                                                                                                                          • Part of subcall function 00D581C0: GetUserNameW.ADVAPI32(00000000,?), ref: 00D5829C
                                                                                                                                                                          • Part of subcall function 00D581C0: GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000), ref: 00D582D2
                                                                                                                                                                          • Part of subcall function 00D581C0: GetEnvironmentVariableW.KERNEL32(UserDomain,00000000,00000000,00000000,00000000), ref: 00D5831C
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D34F64
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentNameUserVariable$CountErrorInit_thread_footerLastTickUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                        • String ID: \/:*?"<>|
                                                                                                                                                                        • API String ID: 2099558200-3830478854
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFilePointer.KERNEL32(00E2902D,-00000400,?,00000002,00000400,6C34C19C,?,?,?), ref: 00D5D4D6
                                                                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00D5D4E4
                                                                                                                                                                        • ReadFile.KERNEL32(00E2902D,00000000,00000400,?,00000000,?,?), ref: 00D5D4FF
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$ErrorLastPointerRead
                                                                                                                                                                        • String ID: ADVINSTSFX
                                                                                                                                                                        • API String ID: 64821003-4038163286
                                                                                                                                                                        APIs
                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00E18D5D,000000FF,?,00D1B0F6,?), ref: 00D1AE83
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,6C34C19C,?,?,?,?,00E18D5D,000000FF,?,00D1B0F6,?,00000000), ref: 00D1AEB2
                                                                                                                                                                        • GetLastError.KERNEL32(?,6C34C19C,?,?,?,?,00E18D5D,000000FF,?,00D1B0F6,?,00000000), ref: 00D1AEC2
                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00000000,00E18D5D,000000FF,?,80004005,6C34C19C,?), ref: 00D1AF93
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00000000,00E18D5D,000000FF,?,80004005,6C34C19C,?,?,?,?,00E18D5D,000000FF), ref: 00D1AFD2
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DirectoryErrorInit_thread_footerLastRemove$DeleteFileFindHeapProcessResource
                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                        • API String ID: 34920479-4282027825
                                                                                                                                                                        APIs
                                                                                                                                                                        • __RTC_Initialize.LIBCMT ref: 6C630262
                                                                                                                                                                        • ___scrt_uninitialize_crt.LIBCMT ref: 6C63027C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Initialize___scrt_uninitialize_crt
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2442719207-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Advapi32.dll,6C34C19C,00000000,?,75A8EB20,?,?,00DDCB30,000000FF), ref: 00D06C53
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 00D06C7C
                                                                                                                                                                        • RegCreateKeyExW.KERNEL32(?,00D5887A,00000000,00000000,00000000,00DDCB30,00000000,00000000,00DDCB30,6C34C19C,00000000,?,75A8EB20,?,?,00DDCB30), ref: 00D06CC9
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,?,75A8EB20,?,?,00DDCB30,000000FF), ref: 00D06CDC
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCloseCreateHandleModuleProc
                                                                                                                                                                        • String ID: Advapi32.dll$RegCreateKeyTransactedW
                                                                                                                                                                        • API String ID: 1765684683-2994018265
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00D3C1D0
                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00D3C1E6
                                                                                                                                                                        • ShowWindow.USER32(00000000,00000000,?,?,?,?,?,?,?,00D435EA,?,?,?,?,?,?), ref: 00D3C1FF
                                                                                                                                                                        • InvalidateRect.USER32(00000000,00000000,00000001,?,?,?,?,?,?,?,00D435EA,?,?), ref: 00D3C20A
                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00D3C21C
                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00D3C232
                                                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,?,?,?,?,00000206,?,?,?,?,?,?,?,00D435EA), ref: 00D3C275
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Rect$Item$InvalidateShow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2147159307-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000000,6C34C19C,?,?,00000002,?,?,?,?,?,?,00000000,00E232F2), ref: 00D401B7
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000002), ref: 00D40449
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000002), ref: 00D404F3
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,?,?,?,?,?,00000000,00E232F2,000000FF,?,00D3F05A,00000010), ref: 00D401C6
                                                                                                                                                                          • Part of subcall function 00D1E5B0: FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,6C34C19C,?,00000000), ref: 00D1E5FB
                                                                                                                                                                          • Part of subcall function 00D1E5B0: GetLastError.KERNEL32(?,00000000), ref: 00D1E605
                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000008,80070057,00000000,?,00000002), ref: 00D40288
                                                                                                                                                                        • ReadFile.KERNEL32(?,6C34C19C,00000000,00000000,00000000,00000001,?,00000002), ref: 00D40305
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$File$Read$FormatMessagePointer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3903527278-0
                                                                                                                                                                        • Opcode ID: 8720f6aac9d628ba238f402bcbc8b2b2633cdc2973095bd79f6237154c0a8f03
                                                                                                                                                                        • Instruction ID: fe7515da64002702da753e7833a512cf7b052cfd0ac20c74a19296aec9e8d793
                                                                                                                                                                        • Opcode Fuzzy Hash: 8720f6aac9d628ba238f402bcbc8b2b2633cdc2973095bd79f6237154c0a8f03
                                                                                                                                                                        • Instruction Fuzzy Hash: 40D17271D00209DFDB00DFA8D885BADBBB5FF44314F188269E915AB392EB749945CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,F1829F80,?,00000000), ref: 6C61524F
                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 6C61537B
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 6C6153A7
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 6C6153BD
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 6C615400
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 6C615465
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2087224760.000000006C5E0000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087315347.000000006C664000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087345153.000000006C68F000.00000004.00000001.01000000.00000009.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2087378335.000000006C69B000.00000002.00000001.01000000.00000009.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_6c5e0000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Write$CloseCreateHandlePointerSize
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3932932802-0
                                                                                                                                                                        • Opcode ID: d77c7ab0bf51db0d81d2fb673dfaab1c1c70cfd7a54fc012cd1b818182b813d8
                                                                                                                                                                        • Instruction ID: e98826a0fa45f64aadb96e46fd141fb93c5714720f3396df4b8e1dcc2f0fc185
                                                                                                                                                                        • Opcode Fuzzy Hash: d77c7ab0bf51db0d81d2fb673dfaab1c1c70cfd7a54fc012cd1b818182b813d8
                                                                                                                                                                        • Instruction Fuzzy Hash: 34A17E70D05208DFEB10CFA9C955BEEFBB4BF05309F208219E525A7A81D774AA44CF99
                                                                                                                                                                        APIs
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(?,6C34C19C,00000000,?,?), ref: 00D1B76B
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00E54494,00000001,?,?,?,?,?,00000000,00E1C395,000000FF,?,00D5EC41), ref: 00D1B82A
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00000000,00E1C395,000000FF,?,00D5EC41,00000000,?,00000000), ref: 00D1B838
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDirectoryErrorLastPath
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 953296794-0
                                                                                                                                                                        • Opcode ID: 1fc78e2da6738751fa85bf43f6f46d4e0390e296cc9f7274e7ec8c6bab7c3c65
                                                                                                                                                                        • Instruction ID: f4944b1aee60590b5d097b0c6b6c81d086096f7e426d742329dac530609f7934
                                                                                                                                                                        • Opcode Fuzzy Hash: 1fc78e2da6738751fa85bf43f6f46d4e0390e296cc9f7274e7ec8c6bab7c3c65
                                                                                                                                                                        • Instruction Fuzzy Hash: F881E271A04608AFDB10DFA8D889BDDBBB4EF15720F24425AE920A72D1DB709945CFA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00D5EF30,00E60B08,00000000,?), ref: 00D4384D
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D4385A
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,FFFFFFFF), ref: 00D43883
                                                                                                                                                                        • GetExitCodeThread.KERNEL32(00000000,?), ref: 00D4389D
                                                                                                                                                                        • TerminateThread.KERNEL32(00000000,00000000), ref: 00D438B5
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D438BE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Thread$CloseCodeCreateErrorExitHandleLastObjectSingleTerminateWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1566822279-0
                                                                                                                                                                        • Opcode ID: 8f8bfe002994f65ba39419d7baee46068276afea358d7eed11ea7fa090cf7f41
                                                                                                                                                                        • Instruction ID: 9bba12693607456877d8faaee90dc359c049adb8b4eefe679a25617f8acd75b8
                                                                                                                                                                        • Opcode Fuzzy Hash: 8f8bfe002994f65ba39419d7baee46068276afea358d7eed11ea7fa090cf7f41
                                                                                                                                                                        • Instruction Fuzzy Hash: 8531C571900219AFDF10DFA9DD49BDEBBB4FB08714F104219E811B6290D7B99A08CFA4
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileVersionInfoSizeW.KERNELBASE(80004005,00E23C95,6C34C19C,?,?,?,?,?,00000000,00E23C95,000000FF,?,80004005,6C34C19C,?), ref: 00D254E5
                                                                                                                                                                        • GetFileVersionInfoW.KERNELBASE(80004005,?,00000000,000000FF,00000000,?,?,?,?,00000000,00E23C95,000000FF,?,80004005,6C34C19C,?), ref: 00D25533
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FileInfoVersion$Size
                                                                                                                                                                        • String ID: ProductName$\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation
                                                                                                                                                                        • API String ID: 2104008232-2149928195
                                                                                                                                                                        • Opcode ID: bbcc1bd026eb4988a0de4ee80ccd3971b481a917f0de9cdc2e20ed5db080850a
                                                                                                                                                                        • Instruction ID: d56474198820f66f7ab7358567620953d20fca66736e5a157581205297361b2b
                                                                                                                                                                        • Opcode Fuzzy Hash: bbcc1bd026eb4988a0de4ee80ccd3971b481a917f0de9cdc2e20ed5db080850a
                                                                                                                                                                        • Instruction Fuzzy Hash: EF61A171901519DFDB10DFA8E849EAEB7F8FF25315F188169E811E7291D7309D04CB60
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D24F80: SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,6C34C19C,00000000,00000000,?), ref: 00D24FD5
                                                                                                                                                                          • Part of subcall function 00D24F80: GetTempPathW.KERNEL32(00000104,?), ref: 00D25069
                                                                                                                                                                          • Part of subcall function 00D24F80: GetTempFileNameW.KERNEL32(?,shim_clone,00000000,?), ref: 00D2509A
                                                                                                                                                                        • GetFileVersionInfoSizeW.KERNELBASE(?,000000FF,Shlwapi.dll,6C34C19C,00000000,?,?,00000000,00E1D9C5,000000FF,Shlwapi.dll,00D25326,?,?,?), ref: 00D253BD
                                                                                                                                                                        • GetFileVersionInfoW.KERNELBASE(?,?,?,00000000,00000000,?,?), ref: 00D253E9
                                                                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00D2542E
                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00D25441
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$InfoPathTempVersion$DeleteErrorFolderLastNameSize
                                                                                                                                                                        • String ID: Shlwapi.dll
                                                                                                                                                                        • API String ID: 2355151265-1687636465
                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadStringW.USER32(?,00000000,?,00000100), ref: 00D231BC
                                                                                                                                                                        • LoadStringW.USER32(?,00000000,?,00000001), ref: 00D23264
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LoadString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2948472770-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,6C34C19C,?,?,00000000,?,?,?,?,00E2941D,000000FF,?,00D40E0E), ref: 00D5E9D0
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00D5ECE0,?,00000000,?), ref: 00D5EA06
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00D5EB0F
                                                                                                                                                                        • GetExitCodeThread.KERNEL32(00000000,?), ref: 00D5EB1A
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D5EB3A
                                                                                                                                                                          • Part of subcall function 00C18590: RaiseException.KERNEL32(6C34C19C,6C34C19C,00000000,00000000,00DB3F71,C000008C,00000001,?,00DB3FA2,00000000,?,?,?,00C090D7,00000000,6C34C19C), ref: 00C1859C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateThread$CloseCodeEventExceptionExitHandleObjectRaiseSingleWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3595790897-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,?), ref: 00D1AD04
                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00D1AD11
                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?,?,?,00E59138,00000001,6C34C19C,?,0000000A,00000000,00000000,00E1C175,000000FF), ref: 00D1AD20
                                                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00D1AD2D
                                                                                                                                                                        • FindNextFileW.KERNELBASE(?,?), ref: 00D1AD6B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Attributes$FindNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3019667586-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: dllmain_raw$dllmain_crt_dispatch
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3136044242-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 00C18470
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000FC), ref: 00C18485
                                                                                                                                                                        • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 00C1849B
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000FC), ref: 00C184B5
                                                                                                                                                                        • SetWindowLongW.USER32(?,000000FC,?), ref: 00C184C5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Long$CallProc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 513923721-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • MsgWaitForMultipleObjectsEx.USER32(00000001,00000000,000000FF,000005FF,00000004), ref: 00D1C011
                                                                                                                                                                        • PeekMessageW.USER32(?,00000000), ref: 00D1C057
                                                                                                                                                                        • TranslateMessage.USER32(00000000), ref: 00D1C062
                                                                                                                                                                        • DispatchMessageW.USER32(00000000), ref: 00D1C069
                                                                                                                                                                        • MsgWaitForMultipleObjectsEx.USER32(00000001,?,000000FF,000005FF,00000004), ref: 00D1C07B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Message$MultipleObjectsWait$DispatchPeekTranslate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4084795276-0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 6C608270: GetProcessHeap.KERNEL32 ref: 6C6082CC
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(00000010), ref: 6C627CCD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HeapPathProcess
                                                                                                                                                                        • String ID: \\?\$\\?\UNC\$gkal
                                                                                                                                                                        • API String ID: 300331711-113488020
                                                                                                                                                                        APIs
                                                                                                                                                                        • ConnectNamedPipe.KERNEL32(?,00000000,6C34C19C,?,000000FF,?,?,00000000,00E2863E,000000FF,?,00D5A25A,000000FF,?,00000001), ref: 00D5A01C
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00000000,00E2863E,000000FF,?,00D5A25A,000000FF,?,00000001), ref: 00D5A026
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • ReadFile.KERNEL32(?,?,00007F90,?,00000000,6C34C19C,?,000000FF,?,?,00000000,00E2863E,000000FF,?,00D5A25A,000000FF), ref: 00D5A073
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$ConnectErrorFileHeapLastNamedPipeProcessRead
                                                                                                                                                                        • String ID: \\.\pipe\ToServer
                                                                                                                                                                        • API String ID: 2973225359-63420281
                                                                                                                                                                        APIs
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(?,F1829F80,00000000,00000000,?,?,00000000,6C6616B5,000000FF,?,6C616B67,?,00000000), ref: 6C627EF9
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,6C67A1AC,00000001,?), ref: 6C627FAD
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 6C627FB7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDirectoryErrorLastPath
                                                                                                                                                                        • String ID: gkal
                                                                                                                                                                        • API String ID: 953296794-4225057778
                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,00000024,00000000,00000000,?,F1829F80,00000034), ref: 6C605E5C
                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 6C605E7E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FolderInformationPathVolume
                                                                                                                                                                        • String ID: %08X$AABBCCDD
                                                                                                                                                                        • API String ID: 1564939276-726327320
                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00000000,?,\\?\,00000004,?,?,?,00000000,00E18D5D,000000FF,?,80004005,6C34C19C,?), ref: 00D1AF93
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • DeleteFileW.KERNEL32(?,6C34C19C,?,74DF3340,?,00000000,00E18D5D,000000FF,?,00D1AD37), ref: 00D1AFC2
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00000000,00E18D5D,000000FF,?,80004005,6C34C19C,?,?,?,?,00E18D5D,000000FF), ref: 00D1AFD2
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteFileInit_thread_footer$ErrorFindHeapLastProcessResource
                                                                                                                                                                        • String ID: \\?\
                                                                                                                                                                        • API String ID: 1908169709-4282027825
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,6C34C19C,?,00000010,?,00D37D90,?), ref: 00D34A06
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,?,00000010,00000000), ref: 00D34A4F
                                                                                                                                                                        • ReadFile.KERNEL32(00000000,6C34C19C,?,?,00000000,00000078,?), ref: 00D34A91
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D34B0A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseCreateHandlePointerRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4133201480-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00D3C149
                                                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00E212D0,000000FF), ref: 00D3C158
                                                                                                                                                                        • PostMessageW.USER32(?,00000401,00000000,00000000), ref: 00D3C176
                                                                                                                                                                        • IsWindow.USER32(?), ref: 00D3C185
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$CurrentDestroyMessagePostThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3186974096-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,?,00000000,?,6C34C19C,?), ref: 00C105E2
                                                                                                                                                                        • MoveFileW.KERNEL32(?,00000000), ref: 00C10835
                                                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 00C1087F
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$DeleteMoveNameTemp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 788073729-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTempFileNameW.KERNEL32(?,?,00000000,?,6C34C19C,?,00000004), ref: 00C101FB
                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,00000004), ref: 00C1023E
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,00000004), ref: 00C1024D
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CreateDeleteDirectoryNameTemp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2411147693-0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D6F900: OpenEventW.KERNEL32(00000000,00000000,00000000,_pbl_evt,00000008,?,?,00E5BE58,00000001,6C34C19C,00000000), ref: 00D6F9AE
                                                                                                                                                                          • Part of subcall function 00D6F900: CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00D6F9CB
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,00000000,00000001,6C34C19C,?,00000000), ref: 00D6F26E
                                                                                                                                                                        • ResetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00E2B2E9,000000FF), ref: 00D6F283
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$CreateObjectOpenResetSingleWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2109722436-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • __freea.LIBCMT ref: 00DCEBBB
                                                                                                                                                                          • Part of subcall function 00DCCA67: RtlAllocateHeap.NTDLL(00000000,00000000,00DCA813,?,00DCE9B8,?,00000000,?,00DBE5A5,00000000,00DCA813,?,?,?,?,00DCA60D), ref: 00DCCA99
                                                                                                                                                                        • __freea.LIBCMT ref: 00DCEBD0
                                                                                                                                                                        • __freea.LIBCMT ref: 00DCEBE0
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: __freea$AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2243444508-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFilePointer.KERNEL32(?,?,?,00000000,6C34C19C,?,?), ref: 00D3FCF7
                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00000018,?,00000000), ref: 00D3FE04
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$PointerRead
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3154509469-0
                                                                                                                                                                        • Opcode ID: 3bc436127b4a1236b3a84a2c3f7506f165097b8a24a188f74935fbfad388cac3
                                                                                                                                                                        • Instruction ID: 6c433108cf0c9501cf1ed87bffa3bc3dd57358ed2dcd68ac7a26068300aaae74
                                                                                                                                                                        • Opcode Fuzzy Hash: 3bc436127b4a1236b3a84a2c3f7506f165097b8a24a188f74935fbfad388cac3
                                                                                                                                                                        • Instruction Fuzzy Hash: D0617071D00609EFDB04CFA8C845B9DFBB4FF09320F14826AE924A7391DB759A04CBA1
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,6C34C19C,?,00000000,?,80004005,?,00000000), ref: 00D3D0DE
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D3D116
                                                                                                                                                                        • GetLastError.KERNEL32(?), ref: 00D3D1AF
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast$CreateFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1722934493-0
                                                                                                                                                                        • Opcode ID: 005925176d5010d181be14c8aacfa2ee1572d6a4dbabcf417e20b0e1a3a070f4
                                                                                                                                                                        • Instruction ID: 5ce51879a02c62ff64704a8402965a91440c1567c26357faf3b60d07f28c1aed
                                                                                                                                                                        • Opcode Fuzzy Hash: 005925176d5010d181be14c8aacfa2ee1572d6a4dbabcf417e20b0e1a3a070f4
                                                                                                                                                                        • Instruction Fuzzy Hash: E251F171A007059FDB20DF68E845B9AF7B2FF44320F148669E915E73E0EB31A905CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(00D6D5B6,40000000,00000001,00000000,00000002,00000080,00000000,6C34C19C,?,00000001), ref: 00D6C6D2
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,0000C800,0000C800,0000C800,00000000,?,0000C800), ref: 00D6C768
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,0000C800), ref: 00D6C7DC
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1065093856-0
                                                                                                                                                                        • Opcode ID: 7fa63d0ca397bfa26ac9f51e722341ae164bd9bf3dbaed5f330d7297bfd3efc5
                                                                                                                                                                        • Instruction ID: aee788a8d6cae5786797f6382f04ac8fa75b5169f1462f0fbd6bffa940f0fc8b
                                                                                                                                                                        • Opcode Fuzzy Hash: 7fa63d0ca397bfa26ac9f51e722341ae164bd9bf3dbaed5f330d7297bfd3efc5
                                                                                                                                                                        • Instruction Fuzzy Hash: 8A516871A10219AFDF14DFA8DD49BEEBBB9FF48310F144259E800B7290DB75A904CBA4
                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileW.KERNEL32(00000000,0000002A,00000000,?,6C34C19C), ref: 00D194E0
                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,00000000,0000002A,00000000,?,6C34C19C), ref: 00D1957A
                                                                                                                                                                        • FindNextFileW.KERNEL32(?,?), ref: 00D195BB
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Delete$FindNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1410743141-0
                                                                                                                                                                        • Opcode ID: da1e946aafe62a6270b9cadf17270bcb6941930c9aab02a95fcae73014b8fe90
                                                                                                                                                                        • Instruction ID: 2d5cb88b1d3fd1249f6559334daa3fb06417b2a036df0815e94c446cac84b0f9
                                                                                                                                                                        • Opcode Fuzzy Hash: da1e946aafe62a6270b9cadf17270bcb6941930c9aab02a95fcae73014b8fe90
                                                                                                                                                                        • Instruction Fuzzy Hash: 26518530901218AFEF25DF58D9A9BEDF775EF05320F144299E819A72D1DB309D85CB60
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(00D3B881), ref: 00D3BF40
                                                                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 00D3BFD1
                                                                                                                                                                        • DestroyWindow.USER32(?,?,?), ref: 00D3BFF7
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$DestroyEnableErrorLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2755773105-0
                                                                                                                                                                        • Opcode ID: 82981ec4252fdafcf996a5e678f5e4fb0d8aec1d0a9a603cce5513cb03890d79
                                                                                                                                                                        • Instruction ID: c461ed93395cba24c917603e4eed79e4c27ff15313421e76bc6214c67eaa2fa6
                                                                                                                                                                        • Opcode Fuzzy Hash: 82981ec4252fdafcf996a5e678f5e4fb0d8aec1d0a9a603cce5513cb03890d79
                                                                                                                                                                        • Instruction Fuzzy Hash: 892102B56141099BDB209F18EC41BAAB794EB54320F004227FD08C7391C7B6EC65DBF1
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,00DBFD7D,?,00DB9912,?,?,6C34C19C,00DB9912,?), ref: 00DBFD94
                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,?,00DBFD7D,?,00DB9912,?,?,6C34C19C,00DB9912,?), ref: 00DBFD9B
                                                                                                                                                                        • ExitProcess.KERNEL32 ref: 00DBFDAD
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$CurrentExitTerminate
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1703294689-0
                                                                                                                                                                        • Opcode ID: aa54f16406950356ffa1b88cb2f0e65db099a60f94dcca5aff4c57f128af048d
                                                                                                                                                                        • Instruction ID: 14192b08b3507c9ae168ce974e2763f1bb07a3f360b8df5cef937b0e63fee4cb
                                                                                                                                                                        • Opcode Fuzzy Hash: aa54f16406950356ffa1b88cb2f0e65db099a60f94dcca5aff4c57f128af048d
                                                                                                                                                                        • Instruction Fuzzy Hash: ACD09E3100050CFFCF412FA2EC4D9DE3F26EF44345B144024B90A66033DBB1D996DA60
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000025,00000000,6C34C19C), ref: 00D1BD10
                                                                                                                                                                          • Part of subcall function 00D1BDD0: GetEnvironmentVariableW.KERNEL32(00000000,00000000,00000000,?,?,?,80004005), ref: 00D1BDDD
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$EnvironmentFolderHeapPathProcessSpecialVariable
                                                                                                                                                                        • String ID: USERPROFILE
                                                                                                                                                                        • API String ID: 1777821646-2419442777
                                                                                                                                                                        • Opcode ID: 0a3d2d3bcae7ac57b68d4e24638e47acfe9de52e87f6743790b3206dd93f7bd1
                                                                                                                                                                        • Instruction ID: 01a06f3510eca33220eed17b3464829cb6817469c438d7814574ee5dfd55a6e1
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a3d2d3bcae7ac57b68d4e24638e47acfe9de52e87f6743790b3206dd93f7bd1
                                                                                                                                                                        • Instruction Fuzzy Hash: 6061C071A00605AFDB14DF68D859BEEB7A5EF44320F14866EE816DB392DF309904CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,6C34C19C,?,00000010,?,?,00E2868E,000000FF), ref: 00D5A228
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                          • Part of subcall function 00D59FE0: ConnectNamedPipe.KERNEL32(?,00000000,6C34C19C,?,000000FF,?,?,00000000,00E2863E,000000FF,?,00D5A25A,000000FF,?,00000001), ref: 00D5A01C
                                                                                                                                                                          • Part of subcall function 00D59FE0: GetLastError.KERNEL32(?,?,00000000,00E2863E,000000FF,?,00D5A25A,000000FF,?,00000001), ref: 00D5A026
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$ConnectErrorFileHeapLastNamedPipeProcessWrite
                                                                                                                                                                        • String ID: \\.\pipe\ToServer
                                                                                                                                                                        • API String ID: 3549655173-63420281
                                                                                                                                                                        • Opcode ID: c891d7bfcf6d75f46328886d6cca375f2dd9edc2fd9d365da2553c9e9f5e0704
                                                                                                                                                                        • Instruction ID: 57caeb25bd0c0ad99c496658c37283af39634f35e30424dc542447ef1c61b264
                                                                                                                                                                        • Opcode Fuzzy Hash: c891d7bfcf6d75f46328886d6cca375f2dd9edc2fd9d365da2553c9e9f5e0704
                                                                                                                                                                        • Instruction Fuzzy Hash: A4417C71A04218EFDB04CF58D805BAEB7E8EF45724F10426EEC15DB381DB76A904CBA4
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C090A0: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?), ref: 00C090F6
                                                                                                                                                                        • FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                          • Part of subcall function 00C09160: LoadResource.KERNEL32(00000000,00000000,6C34C19C,00000001,00000000,?,00000000,00DDC480,000000FF,?,00C0910C,6C34C19C,?,?,*.*,?), ref: 00C0918B
                                                                                                                                                                          • Part of subcall function 00C09160: LockResource.KERNEL32(00000000,?,00C0910C,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?,?,*.*), ref: 00C09196
                                                                                                                                                                          • Part of subcall function 00C09160: SizeofResource.KERNEL32(00000000,00000000,?,00C0910C,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?,?), ref: 00C091A4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Resource$Find$LoadLockSizeof
                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                        • API String ID: 3127896203-438819550
                                                                                                                                                                        • Opcode ID: 6745a363630c7826c61b44abcb379f6aee18e1c34a9d6d52f7393aedd8db57f8
                                                                                                                                                                        • Instruction ID: 01277d14b9892978bdc6bc5310ff27af236d5ca21df890daa7a9ab2ac347984d
                                                                                                                                                                        • Opcode Fuzzy Hash: 6745a363630c7826c61b44abcb379f6aee18e1c34a9d6d52f7393aedd8db57f8
                                                                                                                                                                        • Instruction Fuzzy Hash: 7211C172300125AFD7049B69D888ABBB39DEF88310B10802EF555CB292DB76DD11DBA0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00DB3F72: EnterCriticalSection.KERNEL32(00EC7F5C,?,?,?,00C090D7,00000000,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0), ref: 00DB3F7D
                                                                                                                                                                          • Part of subcall function 00DB3F72: LeaveCriticalSection.KERNEL32(00EC7F5C,?,?,?,00C090D7,00000000,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0), ref: 00DB3FA9
                                                                                                                                                                        • FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?), ref: 00C090F6
                                                                                                                                                                          • Part of subcall function 00C09160: LoadResource.KERNEL32(00000000,00000000,6C34C19C,00000001,00000000,?,00000000,00DDC480,000000FF,?,00C0910C,6C34C19C,?,?,*.*,?), ref: 00C0918B
                                                                                                                                                                          • Part of subcall function 00C09160: LockResource.KERNEL32(00000000,?,00C0910C,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?,?,*.*), ref: 00C09196
                                                                                                                                                                          • Part of subcall function 00C09160: SizeofResource.KERNEL32(00000000,00000000,?,00C0910C,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?,?), ref: 00C091A4
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Resource$CriticalSection$EnterFindLeaveLoadLockSizeof
                                                                                                                                                                        • String ID: *.*
                                                                                                                                                                        • API String ID: 529824247-438819550
                                                                                                                                                                        • Opcode ID: 31555e34a09ab5349e3ee8252a5cb17c61ca26d4bd81d8c8ec1e6c433f4181b1
                                                                                                                                                                        • Instruction ID: 40bc7f38f0a34efcc9d3a63ea2d2b8df077d487356cd1cc806204c45d5c85ddd
                                                                                                                                                                        • Opcode Fuzzy Hash: 31555e34a09ab5349e3ee8252a5cb17c61ca26d4bd81d8c8ec1e6c433f4181b1
                                                                                                                                                                        • Instruction Fuzzy Hash: 7911C832F04215ABD7254B59AC82B7AB3E8EB48B60F00027EFD16D33C1DA759D018690
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00DD42EA: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 00DD4315
                                                                                                                                                                        • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,00DD4601,?,00000000,?,?,?), ref: 00DD481B
                                                                                                                                                                        • GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,00DD4601,?,00000000,?,?,?), ref: 00DD485D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CodeInfoPageValid
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 546120528-0
                                                                                                                                                                        • Opcode ID: 898ac6e0af398b94d757c7be51067e5be8ecf8fe8bddef40a1914119357f106c
                                                                                                                                                                        • Instruction ID: 6450c659541aa1cc76aafd289c0161c71bb059c93a0660a18aeb622c95cf1c23
                                                                                                                                                                        • Opcode Fuzzy Hash: 898ac6e0af398b94d757c7be51067e5be8ecf8fe8bddef40a1914119357f106c
                                                                                                                                                                        • Instruction Fuzzy Hash: 7151F171A007859FEB20CF66C891AABBBF5EF46300F18406FD0969B352D67599468BB0
                                                                                                                                                                        APIs
                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00D5F421
                                                                                                                                                                        • EndDialog.USER32(00000000,00000001), ref: 00D5F430
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DialogWindow
                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001C,00000000,F1829F80,?,F1829F80,6C66170E,000000FF), ref: 6C628100
                                                                                                                                                                          • Part of subcall function 6C608270: GetProcessHeap.KERNEL32 ref: 6C6082CC
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,80004005), ref: 6C6281BB
                                                                                                                                                                          • Part of subcall function 6C609680: FindResourceW.KERNEL32(00000000,?,00000006,00000000,?,?,6C628135,-00000010), ref: 6C6096B8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FindFolderFreeHeapLibraryPathProcessResourceSpecial
                                                                                                                                                                        APIs
                                                                                                                                                                        • IsWindow.USER32(00000004), ref: 00CBC54A
                                                                                                                                                                        • DestroyWindow.USER32(00000004,?,?,?,?,?,?,?,?,000000FF), ref: 00CBC557
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Destroy
                                                                                                                                                                        APIs
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00D5D855
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00D5D8A9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseFreeHandleLibrary
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D1E740: LoadLibraryW.KERNEL32(ComCtl32.dll,6C34C19C,?,?,00000000), ref: 00D1E77E
                                                                                                                                                                          • Part of subcall function 00D1E740: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00D1E7A1
                                                                                                                                                                          • Part of subcall function 00D1E740: FreeLibrary.KERNEL32(00000000), ref: 00D1E81F
                                                                                                                                                                          • Part of subcall function 00D1E740: LoadImageW.USER32(00000000,?,00000001,00000000,00000000,?), ref: 00D1E801
                                                                                                                                                                        • SendMessageW.USER32(?,00000080,00000001,00000000), ref: 00D1F174
                                                                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00D1F17F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoadMessageSend$AddressFreeImageProc
                                                                                                                                                                        APIs
                                                                                                                                                                        • LCMapStringEx.KERNEL32(?,00DCEAFA,?,?,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00DCE7AC
                                                                                                                                                                        • LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,00DCEAFA,?,?,00000000,?,00000000), ref: 00DCE7CA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String
                                                                                                                                                                        APIs
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,00000000,00000000,?,?,00EC9384,00D4DA40,?), ref: 00D04B58
                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,?,-00000001), ref: 00D04B8A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                                                                        APIs
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,?,00DCE9C9,00000000,00DCA813,00000000,?,00DBE5A5,00000000,00DCA813,?,?,?,?,00DCA60D), ref: 00DCCA43
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00DCE9C9,00000000,00DCA813,00000000,?,00DBE5A5,00000000,00DCA813,?,?,?,?,00DCA60D), ref: 00DCCA4E
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,00D3676B,?), ref: 00D41C4B
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteFile
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4033686569-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCPInfo.KERNEL32(E8458D00,?,00DD460D,00DD4601,00000000), ref: 00DD43F0
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Info
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1807457897-0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00D1B0C1
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$HeapProcess_wcsrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3663133277-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • EnumResourceLanguagesW.KERNEL32(?,00000010,00000001,00D430A0,?), ref: 00D42FBB
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnumLanguagesResource
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4141015960-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,6C34C19C,?,?,?,0000000A,00000000,00E17CC5,000000FF,?,00D19361,6C34C19C,00000000,?,00000000), ref: 00D0037B
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseFind
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1863332320-0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D20370: __Init_thread_footer.LIBCMT ref: 00D203E6
                                                                                                                                                                          • Part of subcall function 00DB4BA2: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BAD
                                                                                                                                                                          • Part of subcall function 00DB4BA2: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BEA
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D201E0
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterInit_thread_footerLeave$ConditionVariableWake
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,00000000,00000000,00D40CB8,?,00000000,00000000,?,?), ref: 00D5D98D
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateCreateFileHeap
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D19470: DeleteFileW.KERNEL32(00000000,0000002A,00000000,?,6C34C19C), ref: 00D194E0
                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(00000000,?,6C34C19C,?,?,?,00000000,?,00000000,00E1BD13,000000FF,?,C000008C), ref: 00D193EE
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteDirectoryFileRemove
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00DB4BA2: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BAD
                                                                                                                                                                          • Part of subcall function 00DB4BA2: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BEA
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D00A82
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00DB4BA2: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BAD
                                                                                                                                                                          • Part of subcall function 00DB4BA2: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BEA
                                                                                                                                                                          • Part of subcall function 00D20410: RegOpenKeyExW.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00020119,00000000), ref: 00D2047E
                                                                                                                                                                          • Part of subcall function 00D20410: RegQueryValueExW.KERNEL32(00000000,CurrentMajorVersionNumber,00000000,00000000,?,?), ref: 00D204C5
                                                                                                                                                                          • Part of subcall function 00D20410: RegQueryValueExW.KERNEL32(00000000,CurrentMinorVersionNumber,00000000,00000000,?,00000004), ref: 00D204E4
                                                                                                                                                                          • Part of subcall function 00D20410: RegQueryValueExW.ADVAPI32(00000000,CurrentVersion,00000000,00000000,?,?), ref: 00D20513
                                                                                                                                                                          • Part of subcall function 00D20410: RegQueryValueExW.KERNEL32(00000000,CurrentBuildNumber,00000000,00000000,?,?), ref: 00D20588
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D203E6
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalQuerySectionValue$EnterLeave$ConditionInit_thread_footerOpenVariableWake
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3563064969-0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00DB641A: RaiseException.KERNEL32(E06D7363,00000001,00000003,6C34C19C,?,?,00D598B8,80004005,6C34C19C), ref: 00DB647A
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateExceptionHeapRaise
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3789339297-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,00000000,00DCA813,?,00DCE9B8,?,00000000,?,00DBE5A5,00000000,00DCA813,?,?,?,?,00DCA60D), ref: 00DCCA99
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1279760036-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,00000000,?,F1829F80,?,Function_0006ED80,000000FF), ref: 6C607FCF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FreeHeap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3298025750-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 431132790-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2087252363.000000006C5E1000.00000020.00000001.01000000.00000009.sdmp, Offset: 6C5E0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: H_prolog3
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 431132790-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • API String ID: 0-659361337
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • API String ID: 0-2236961450
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 00C2B70F
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2B86A
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2B892
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BA1E
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00C2BA2F
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BA79
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BAA2
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C2BAAD
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BBBB
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BBEC
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BC45
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BCF4
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2B73D
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2B80E
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2B836
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BE38
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00C2BE49
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BE93
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BEBC
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C2BEC7
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2BFD5
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00C2BFE2
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2C02A
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C2C052
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C2C05C
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClearVariant$String$AllocFree$HeapInit_thread_footer$AllocateFindProcessResource
                                                                                                                                                                        • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted$MsiSetProperty
                                                                                                                                                                        • API String ID: 3540692479-3153392536
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(00EC93A8,C0000000,00000003,00000000,00000004,00000080,00000000,6C34C19C,00EC9384,00EC939C,?), ref: 00D4D2E0
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D4D2FD
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000,00000020), ref: 00D4D376
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000,?,0000001C), ref: 00D4D47A
                                                                                                                                                                        • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,0000001C), ref: 00D4D4EB
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00EC8C20,00000000,00000000,00000000,?,0000001C), ref: 00D4D51B
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000B7,?,00000000,00000000,00E46D60,00000002), ref: 00D4D5C6
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0000001C), ref: 00D4D5CF
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,0000001C), ref: 00D4D520
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(00000000,?,0000001D), ref: 00D4D6C3
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,00000002,?,00000000,?,0000001D), ref: 00D4D749
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,0000001D), ref: 00D4D754
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000FF,?,00000000,00000000,00E46D60,00000002,?,?,CPU: ,00000005), ref: 00D4D7C8
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0000001C), ref: 00D4D7D1
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,000000B7,?,00000000,00000000,00E46D60,00000002), ref: 00D4D856
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,0000001C), ref: 00D4D85F
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$BuffersFlushWrite$DebugOutputString$Init_thread_footer$CreateErrorFindHeapLastPointerProcessResource
                                                                                                                                                                        • String ID: CPU: $LOGGER->Creating LOG file at:$LOGGER->Reusing LOG file at:$LOGGER->failed to create LOG at:$OS Version: %u.%u.%u SP%u (%s) [%s]$server$workstation$x64$x86
                                                                                                                                                                        • API String ID: 4051163352-1312762833
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C1EB28
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00C1EBA3
                                                                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00C1EBC2
                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00C1EBD0
                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00C1EBE7
                                                                                                                                                                        • ShowWindow.USER32(00000000,?), ref: 00C1EC08
                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB,?), ref: 00C1EC1F
                                                                                                                                                                          • Part of subcall function 00C18590: RaiseException.KERNEL32(6C34C19C,6C34C19C,00000000,00000000,00DB3F71,C000008C,00000001,?,00DB3FA2,00000000,?,?,?,00C090D7,00000000,6C34C19C), ref: 00C1859C
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C1ECD8
                                                                                                                                                                        • ShowWindow.USER32(?,?), ref: 00C1ED5D
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00C1ED8C
                                                                                                                                                                        • ShowWindow.USER32(?,?), ref: 00C1EDA9
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C1EDCE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$LongRectShow$Client$ExceptionRaise
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3804784045-0
                                                                                                                                                                        • Opcode ID: 427dfa68cdd77a5a5ab6be8dc542103cee743a783b1a7fb2e7948114836decb3
                                                                                                                                                                        • Instruction ID: d368935b992a401220b32b8947a366925b3e6df8c1ffadca328b74d37de2183b
                                                                                                                                                                        • Opcode Fuzzy Hash: 427dfa68cdd77a5a5ab6be8dc542103cee743a783b1a7fb2e7948114836decb3
                                                                                                                                                                        • Instruction Fuzzy Hash: FD423971A04248DFCB24CFA9D884AADBBF5FF89300F10456DE856E7260D730A986DF51
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C15050: EnterCriticalSection.KERNEL32(00EC957C,6C34C19C,00000000,?,?,?,?,?,?,00C1487E,00DDF9CD,000000FF), ref: 00C1508D
                                                                                                                                                                          • Part of subcall function 00C15050: LoadCursorW.USER32(00000000,00007F00), ref: 00C15108
                                                                                                                                                                          • Part of subcall function 00C15050: LoadCursorW.USER32(00000000,00007F00), ref: 00C151AE
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C14C63
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00C14C94
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00C14D6B
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00C14D7B
                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00C14D86
                                                                                                                                                                        • NtdllDefWindowProc_W.NTDLL(?,?,00000001,?), ref: 00C14D94
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00C14DA2
                                                                                                                                                                        • SetWindowTextW.USER32(?,00E4446C), ref: 00C14E41
                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00C14E76
                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00C14E84
                                                                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00C14ED8
                                                                                                                                                                        • SetWindowLongW.USER32(?,000000EB,00000000), ref: 00C14F63
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C14F7C
                                                                                                                                                                        • NtdllDefWindowProc_W.NTDLL(?,?,?,00000000), ref: 00C14FC3
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C14FE5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Long$String$FreeGlobal$AllocCursorLoadNtdllProc_$CriticalEnterLockSectionTextUnlock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4180125975-0
                                                                                                                                                                        • Opcode ID: 4a2a2cb1168c05efe9e6a325646c009150aea19d327902dbe31c6860290dfb2d
                                                                                                                                                                        • Instruction ID: a5ada3ada28d4f3be1d862367c54167cb2ddee6d4b1597496f1adc9b8ad318e1
                                                                                                                                                                        • Opcode Fuzzy Hash: 4a2a2cb1168c05efe9e6a325646c009150aea19d327902dbe31c6860290dfb2d
                                                                                                                                                                        • Instruction Fuzzy Hash: 8ED1CD71904209EFDB14DFA4CC48FEFBBB8EF46310F144168E821A7291D7759A45EBA1
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,00000001), ref: 00D292D2
                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00D29300
                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00D29389
                                                                                                                                                                        Strings
                                                                                                                                                                        • An acceptable version was found., xrefs: 00D29872
                                                                                                                                                                        • No acceptable version found. It must be downloaded manually from a site., xrefs: 00D29887
                                                                                                                                                                        • No acceptable version found. It is already downloaded and it will be installed., xrefs: 00D29895
                                                                                                                                                                        • No acceptable version found. Operating System not supported., xrefs: 00D2988E
                                                                                                                                                                        • Not selected for install., xrefs: 00D298A3
                                                                                                                                                                        • No acceptable version found. It must be downloaded., xrefs: 00D29880
                                                                                                                                                                        • No acceptable version found., xrefs: 00D2989C
                                                                                                                                                                        • No acceptable version found. It must be installed from package., xrefs: 00D29879
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$CloseInit_thread_footer$FileFirstHeapProcess
                                                                                                                                                                        • String ID: An acceptable version was found.$No acceptable version found.$No acceptable version found. It is already downloaded and it will be installed.$No acceptable version found. It must be downloaded manually from a site.$No acceptable version found. It must be downloaded.$No acceptable version found. It must be installed from package.$No acceptable version found. Operating System not supported.$Not selected for install.
                                                                                                                                                                        • API String ID: 544434140-749633484
                                                                                                                                                                        • Opcode ID: 81646d9f5aa4d2c3f0f5a4b040a5594574316110288ee6345ca1cc981c9e0e40
                                                                                                                                                                        • Instruction ID: 588745f025997006cb0ed6a98607b2011f01a51f48e924a58b3b49882dd4dfa4
                                                                                                                                                                        • Opcode Fuzzy Hash: 81646d9f5aa4d2c3f0f5a4b040a5594574316110288ee6345ca1cc981c9e0e40
                                                                                                                                                                        • Instruction Fuzzy Hash: D0F1CF70A04216CFDB10DF38C8587AEFBF0EF55314F188698D859AB392DB349A45CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • SendMessageW.USER32(?,00001036,00010000,00000000), ref: 00CFA30B
                                                                                                                                                                        • GetParent.USER32(00000000), ref: 00CFA35E
                                                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 00CFA361
                                                                                                                                                                        • GetParent.USER32(00000000), ref: 00CFA370
                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00CFA373
                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00CFA3A0
                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000), ref: 00CFA3DF
                                                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 00CFA3F0
                                                                                                                                                                        • MapWindowPoints.USER32(00000000,00000000,?,00000002), ref: 00CFA406
                                                                                                                                                                          • Part of subcall function 00CB39A0: IsWindowVisible.USER32(?), ref: 00CB3A1A
                                                                                                                                                                          • Part of subcall function 00CB39A0: GetWindowRect.USER32(?,?), ref: 00CB3A32
                                                                                                                                                                          • Part of subcall function 00CB39A0: GetWindowRect.USER32(?,?), ref: 00CB3A4A
                                                                                                                                                                          • Part of subcall function 00CB39A0: IntersectRect.USER32(?,?,?), ref: 00CB3A67
                                                                                                                                                                          • Part of subcall function 00CB39A0: EqualRect.USER32(?,?), ref: 00CB3A77
                                                                                                                                                                          • Part of subcall function 00CB39A0: GetSysColorBrush.USER32(0000000F), ref: 00CB3A8D
                                                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 00CFA41C
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00CFA43C
                                                                                                                                                                        • SendMessageW.USER32(?,00001026,00000000,000000FF), ref: 00CFA460
                                                                                                                                                                        • SendMessageW.USER32(?,0000108A,00000000,00000011), ref: 00CFA473
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                         • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                         • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Rect$Window$MessageSend$CompatibleCreateParent$BitmapBrushColorDeleteEqualFillIntersectObjectPointsSelectVisible
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2161025992-0
                                                                                                                                                                        • Opcode ID: 16e62071f0c243716fc9201210a3d9da570817ced9c744e0ad2ea2e6ed875ee3
                                                                                                                                                                        • Instruction ID: 50cd00cfbd70f6e4fa4ca1a0137e8d7c2b253f06d9372eee3f0e9fa6afd9a163
                                                                                                                                                                        • Opcode Fuzzy Hash: 16e62071f0c243716fc9201210a3d9da570817ced9c744e0ad2ea2e6ed875ee3
                                                                                                                                                                        • Instruction Fuzzy Hash: 61516670D04648AFDB10CFA9CD44BDEBBF8EF59710F10432AE855B7290EB716A858B60
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000), ref: 00D2D558
                                                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?), ref: 00D2DA59
                                                                                                                                                                          • Part of subcall function 00D04B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,00000000,00000000,?,?,00EC9384,00D4DA40,?), ref: 00D04B58
                                                                                                                                                                          • Part of subcall function 00D04B40: MultiByteToWideChar.KERNEL32(00000003,00000000,80000004,000000FF,?,-00000001), ref: 00D04B8A
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharCopyFileHeapInit_thread_footerMultiWide$AllocateFindProcessResource
                                                                                                                                                                        • String ID: AI_PRODUCTNAME_ARP$InstanceId$ProductCode$ProductName$\\?\$instname-custom.mst$instname-target.msi${%0.8X-%0.4X-%0.4X-%0.2X%0.2X-%0.2X%0.2X%0.2X%0.2X%0.2X%0.2X}
                                                                                                                                                                        • API String ID: 2868415777-2893908338
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037), ref: 00CFACDA
                                                                                                                                                                        • RedrawWindow.USER32(?,00000000,00000000,00000541), ref: 00CFACEC
                                                                                                                                                                        • SendMessageW.USER32(?,00000443,00000000), ref: 00CFAD44
                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00CFAD68
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00CFAD73
                                                                                                                                                                        • MulDiv.KERNEL32(?,00000000), ref: 00CFAD7B
                                                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?), ref: 00CFADA0
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$CapsCreateDeviceFontMessageRedrawSend
                                                                                                                                                                        • String ID: NumberValidationTipMsg$NumberValidationTipTitle$Segoe UI
                                                                                                                                                                        • API String ID: 367477953-2319862951
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowLongW.USER32(80070216,000000EC), ref: 00C146CB
                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000EC), ref: 00C146DB
                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,00000000), ref: 00C146E6
                                                                                                                                                                        • NtdllDefWindowProc_W.NTDLL(00000000,00000000,00000001,80070216,?,?,80070216), ref: 00C146F4
                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000EB), ref: 00C14702
                                                                                                                                                                        • SetWindowTextW.USER32(00000000,00E4446C), ref: 00C147A1
                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00C147D6
                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00C147E4
                                                                                                                                                                        • GlobalUnlock.KERNEL32(?), ref: 00C14838
                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00C1489D
                                                                                                                                                                        • NtdllDefWindowProc_W.NTDLL(00000000,00000000,6C34C19C,00000000), ref: 00C148EF
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Long$Global$NtdllProc_$AllocLockTextUnlock
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3555041256-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000), ref: 00D02BDF
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D02C07
                                                                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?), ref: 00D02C49
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00D02C9E
                                                                                                                                                                        • ShellExecuteExW.SHELL32 ref: 00D02D33
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseFileHandle$CreateExecuteShellWrite
                                                                                                                                                                        • String ID: .bat$EXE$open$runas
                                                                                                                                                                        • API String ID: 548387358-1492471297
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted
                                                                                                                                                                        • API String ID: 0-2027876840
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: GetFontHeight$MessageBox$MsiEvaluateCondition$MsiGetBinaryPath$MsiGetBinaryPathIndirect$MsiGetBytesCountText$MsiGetFormattedError$MsiGetProperty$MsiPublishEvents$MsiResolveFormatted
                                                                                                                                                                        • API String ID: 0-2027876840
                                                                                                                                                                        • Opcode ID: 7d2a491b4d78dc18618b78814a456101c6f39b1524578134ab1e44c6e011206b
                                                                                                                                                                        • Instruction ID: 9b34afee43fd9296c70cb406437d900b08ca794587e291509f68f86db9e7a286
                                                                                                                                                                        • Opcode Fuzzy Hash: 7d2a491b4d78dc18618b78814a456101c6f39b1524578134ab1e44c6e011206b
                                                                                                                                                                        • Instruction Fuzzy Hash: 8C4239B1D10259CFDF14CFA8D885BDEBBB1FF48314F20821AE015AB691E7746686CB94
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00D4949D
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00D494C5
                                                                                                                                                                        • GetLogicalDriveStringsW.KERNEL32(00000064,?), ref: 00D4951E
                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?), ref: 00D4953A
                                                                                                                                                                        • Wow64DisableWow64FsRedirection.KERNEL32(00000000,00000000), ref: 00D495C1
                                                                                                                                                                        • Wow64RevertWow64FsRedirection.KERNEL32(00000000,00000000), ref: 00D49821
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Wow64$DriveInit_thread_footerRedirection_wcsrchr$DisableHeapLogicalProcessRevertStringsType
                                                                                                                                                                        • String ID: ]%!
                                                                                                                                                                        • API String ID: 139206881-1069524040
                                                                                                                                                                        • Opcode ID: 95ba299e195e4f4c0e1339671c4062843c6accc45cfa02a8d020eef1a841fe68
                                                                                                                                                                        • Instruction ID: f3160421f26ed66d349b11b1a61d0b593fd3481bb867ccd8084c65eca4ab6d87
                                                                                                                                                                        • Opcode Fuzzy Hash: 95ba299e195e4f4c0e1339671c4062843c6accc45cfa02a8d020eef1a841fe68
                                                                                                                                                                        • Instruction Fuzzy Hash: E1F1D271900259CFDB24DF69C858BAEF7B5EF45310F1482E8E519A7292DB709E84CFA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000C,00DB40F5,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB41DB
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008,00000000,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4202
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4209
                                                                                                                                                                        • InitializeSListHead.KERNEL32(00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4216
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB422B
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4232
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$Process$AllocFeatureFreeHeadInitializeListPresentProcessor
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1475849761-0
                                                                                                                                                                        • Opcode ID: e21a72a623d0ff5345313ff877055253aa0b4d7fa2923724daa707f7a7837e95
                                                                                                                                                                        • Instruction ID: 070c23b7440739381363fea19c0838291798c896b0004b019a5b982ccdfc556d
                                                                                                                                                                        • Opcode Fuzzy Hash: e21a72a623d0ff5345313ff877055253aa0b4d7fa2923724daa707f7a7837e95
                                                                                                                                                                        • Instruction Fuzzy Hash: A6F04F35640601DFD7109F6AAC0CB567AF8FB99B12F044428FA86E7251DB70D8059A60
                                                                                                                                                                        APIs
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00D1A8A8
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,00000000,?,?,00000000), ref: 00D1A9A8
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,00000000,0000002A,?,00000000,?,?,00000000), ref: 00D1AA45
                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 00D1AA6B
                                                                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,?,?,00000000), ref: 00D1AAB5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$CloseFileFirstInit_thread_footer$HeapProcess_wcsrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 352340201-0
                                                                                                                                                                        • Opcode ID: 30a6877d4879be4b4d5b88a006dedef8beee12baedd484a2f0fd96e4542a6e53
                                                                                                                                                                        • Instruction ID: 3b8c7c3e64a4a5d9df06386f0f9155356d8b79945240e9c3e9792e2e09d6669e
                                                                                                                                                                        • Opcode Fuzzy Hash: 30a6877d4879be4b4d5b88a006dedef8beee12baedd484a2f0fd96e4542a6e53
                                                                                                                                                                        • Instruction Fuzzy Hash: 0F71E071A01209EFDB10DF68DD49BEAB7F4FF45324F244219E815D7281EB749988CB62
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _strrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3213747228-0
                                                                                                                                                                        • Opcode ID: fcc137dfe0708e1f7a0708534d1b12ff6f576f64afdac42b5cb573f5b23bebeb
                                                                                                                                                                        • Instruction ID: f959e2c655c3346997eafb5db214238b20676885a52a8ae287ac981338eb7dd1
                                                                                                                                                                        • Opcode Fuzzy Hash: fcc137dfe0708e1f7a0708534d1b12ff6f576f64afdac42b5cb573f5b23bebeb
                                                                                                                                                                        • Instruction Fuzzy Hash: ABB126329142469FDB15CF68C881FFEBBA5EF56310F18916EEA09AB241D234DD01CBB0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 1c89cf38be516ce6c18d0c947f3e0c94f9acad217a7c4e105e0906d902e6a6ec
                                                                                                                                                                        • Instruction ID: c3d451c678562747e899ee82b4e48daef8083a5b149633bd501ea52f7942083a
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c89cf38be516ce6c18d0c947f3e0c94f9acad217a7c4e105e0906d902e6a6ec
                                                                                                                                                                        • Instruction Fuzzy Hash: 6C818F71901218DFDB60DF6CCC49B99BBB4EF45314F1882D9E819AB292DB709E44CFA1
                                                                                                                                                                        APIs
                                                                                                                                                                        • KillTimer.USER32(00000003,00000001,6C34C19C,?,?,?,?,00DE1D64,000000FF), ref: 00C223D1
                                                                                                                                                                        • GetWindowLongW.USER32(00000003,000000FC), ref: 00C223E6
                                                                                                                                                                        • SetWindowLongW.USER32(00000003,000000FC,?), ref: 00C223F8
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,6C34C19C,?,?,?,?,00DE1D64,000000FF), ref: 00C22423
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LongWindow$CriticalDeleteKillSectionTimer
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1032004442-0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00DB4BA2: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BAD
                                                                                                                                                                          • Part of subcall function 00DB4BA2: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BEA
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00C2DB5E
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
                                                                                                                                                                        • String ID: AiFeatIco$Icon
                                                                                                                                                                        • API String ID: 2296764815-1280411655
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: AI_CONTROL_VISUAL_STYLE$AI_CONTROL_VISUAL_STYLE_EX$AI_NO_BORDER_HOVER$AI_NO_BORDER_NORMAL
                                                                                                                                                                        • API String ID: 0-932585912
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,00000000,?), ref: 00D4A96C
                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00D4AAB7
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$AllocateCloseFileFirstHeap
                                                                                                                                                                        • String ID: %d.%d.%d.%d
                                                                                                                                                                        • API String ID: 1673784098-3491811756
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: MultipleInstances$MultipleInstancesProps$OldProductCode$ProductCode
                                                                                                                                                                        • API String ID: 0-469785651
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00000002,00E4446C,00000000), ref: 00D43141
                                                                                                                                                                        • GetLocaleInfoW.KERNEL32(?,00000002,00D42CC5,-00000001,00000078,-00000001), ref: 00D4317D
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoInit_thread_footerLocale$HeapProcess
                                                                                                                                                                        • String ID: %d-%s
                                                                                                                                                                        • API String ID: 1688948774-1781338863
                                                                                                                                                                        APIs
                                                                                                                                                                        • VirtualQuery.KERNEL32(80000000,00DB1916,0000001C,00DB1B0B,00000000,?,?,?,?,?,?,?,00DB1916,00000004,00EC7A44,00DB1B9B), ref: 00DB19E2
                                                                                                                                                                        • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00DB1916,00000004,00EC7A44,00DB1B9B), ref: 00DB19FD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InfoQuerySystemVirtual
                                                                                                                                                                        • String ID: D
                                                                                                                                                                        • API String ID: 401686933-2746444292
                                                                                                                                                                        APIs
                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,?,6C34C19C,?), ref: 00CFFF4C
                                                                                                                                                                        • FindNextFileW.KERNEL32(000000FF,00000010,?,6C34C19C,?), ref: 00D000A5
                                                                                                                                                                        • FindClose.KERNEL32(000000FF,?,?,6C34C19C,?), ref: 00D00104
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3541575487-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • IsWindow.USER32(00000004), ref: 00C1E6FE
                                                                                                                                                                        • GetWindowLongW.USER32(00000004,000000FC), ref: 00C1E717
                                                                                                                                                                        • SetWindowLongW.USER32(00000004,000000FC,?), ref: 00C1E729
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Long
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 847901565-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00DB9A0B
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00DB9A15
                                                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00DB9A22
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3906539128-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadResource.KERNEL32(00000000,00000000,6C34C19C,00000001,00000000,?,00000000,00DDC480,000000FF,?,00C0910C,6C34C19C,?,?,*.*,?), ref: 00C0918B
                                                                                                                                                                        • LockResource.KERNEL32(00000000,?,00C0910C,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?,?,*.*), ref: 00C09196
                                                                                                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,00C0910C,6C34C19C,?,?,*.*,?,00000000,00DDCB30,000000FF,?,00C092B0,?,?), ref: 00C091A4
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Resource$LoadLockSizeof
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2853612939-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowLongW.USER32(0000001B,000000FC), ref: 00C171A9
                                                                                                                                                                        • SetWindowLongW.USER32(0000001B,000000FC,?), ref: 00C171B7
                                                                                                                                                                        • DestroyWindow.USER32(0000001B), ref: 00C171E3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Long$Destroy
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3055081903-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLocalTime.KERNEL32(?,6C34C19C), ref: 00D4D1DE
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        Strings
                                                                                                                                                                        • %04d-%02d-%02d %02d-%02d-%02d, xrefs: 00D4D220
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$HeapLocalProcessTime
                                                                                                                                                                        • String ID: %04d-%02d-%02d %02d-%02d-%02d
                                                                                                                                                                        • API String ID: 219929307-3768011868
                                                                                                                                                                        APIs
                                                                                                                                                                        • SendMessageW.USER32(?,0000102B,00000000,00000001), ref: 00C2F60B
                                                                                                                                                                        • SendMessageW.USER32(?,0000102B,?,-00000002), ref: 00C2F7F5
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000,6C34C19C,?,00000000), ref: 00D1E5FB
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00D1E605
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocateErrorFormatHeapLastMessage
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4114510652-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000FC), ref: 00C7113F
                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000FC,?), ref: 00C7114D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LongWindow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1378638983-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • __set_se_translator.LIBVCRUNTIME ref: 00C3D8C5
                                                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0011A060), ref: 00C3D8DB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterUnhandled__set_se_translator
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2480343447-0
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionRaise__floor_pentium4
                                                                                                                                                                        • String ID: unordered_map/set too long
                                                                                                                                                                        • API String ID: 996205981-306623848
                                                                                                                                                                        APIs
                                                                                                                                                                        • NtdllDefWindowProc_W.NTDLL(?,-00002000,?,?,00C260F7,?,?,?,?,?,?,?,?,00C25F68,?,?), ref: 00C27B10
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: NtdllProc_Window
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4255912815-0
                                                                                                                                                                        • Opcode Fuzzy Hash: 9902d25ad53aca1cd9e59ea6a366147bfb7ee6f383a230994cebe4f21c166d99
                                                                                                                                                                        • Instruction Fuzzy Hash: 82214CB0804784DFD710CF59C904B8ABBF4FF1A314F1186AED455AB791D3B9AA48CB91
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 39ab87d32c48e69e16a8fe3176049c8144bc2420eb3574896b2a497a1fe5f666
                                                                                                                                                                        • Instruction ID: bdda5e0ecf5e1cb8c9f73789ff7b5ba4ef76e3d857699421f8e022f3407e3ea4
                                                                                                                                                                        • Opcode Fuzzy Hash: 39ab87d32c48e69e16a8fe3176049c8144bc2420eb3574896b2a497a1fe5f666
                                                                                                                                                                        • Instruction Fuzzy Hash: 1A1100B1905648DFC740CF59D544B49BBF4FB09328F2082AEE8589B381D3769A0ACF94
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f085a71b5377a85159d6d6ed49515e1f5627b2e0494222b3d34044b9928ebcce
                                                                                                                                                                        • Instruction ID: 79dd8b9768fd1cadf2fa4fd998df418a5ca17017faccc38b45873dc9650684dd
                                                                                                                                                                        • Opcode Fuzzy Hash: f085a71b5377a85159d6d6ed49515e1f5627b2e0494222b3d34044b9928ebcce
                                                                                                                                                                        • Instruction Fuzzy Hash: 90F0A0B2611220EFCB52C748C605F4973B8EB44B11F1500AAE000E7251CAB1DE01CBE0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                                                                        • Instruction ID: 61730d18f83d817af9b37c65c456c3e0261d82222d2ffb9c26f6620e819fd820
                                                                                                                                                                        • Opcode Fuzzy Hash: 52a31a1b2c87d20f6f1ccd6e3f5e56cdbfee1b29986efbea090f4dac1cf3a30c
                                                                                                                                                                        • Instruction Fuzzy Hash: 32E08CB2911228EBCB64DBD8C904E8AF3FCEB45B00B15089AF501E3200D674EE00CBE0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 16a962eb7063aa5dac9a286c1eb4be0eb6ad47394398426903ba7e2235a18e8e
                                                                                                                                                                        • Instruction ID: bf0cc78197c06cf6c6984a79ca5f16cf1c7619cd61dbe207680743e03b62de14
                                                                                                                                                                        • Opcode Fuzzy Hash: 16a962eb7063aa5dac9a286c1eb4be0eb6ad47394398426903ba7e2235a18e8e
                                                                                                                                                                        • Instruction Fuzzy Hash: F7C08C34001940CBCE298B1497727F53354E391782F88049CD4030B653DA2EDD82DA30
                                                                                                                                                                        APIs
                                                                                                                                                                        • RedrawWindow.USER32(?,00000000,00000000,00000507,6C34C19C), ref: 00C1727E
                                                                                                                                                                        • IsWindow.USER32(?), ref: 00C17290
                                                                                                                                                                        • GetParent.USER32(?), ref: 00C172D1
                                                                                                                                                                        • lstrcmpW.KERNEL32(?,#32770), ref: 00C172F1
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$ParentRedrawlstrcmp
                                                                                                                                                                        • String ID: #32770$h
                                                                                                                                                                        • API String ID: 3033045798-2263804114
                                                                                                                                                                        Strings
                                                                                                                                                                        • powershell.exe -NonInteractive -NoLogo -ExecutionPolicy Unrestricted -WindowStyle Hidden -Command "$host.UI.RawUI.BufferSize = new, xrefs: 00D5425F
                                                                                                                                                                        • Unable to create process: , xrefs: 00D54304
                                                                                                                                                                        • Unable to find file , xrefs: 00D54133
                                                                                                                                                                        • txt, xrefs: 00D541D3
                                                                                                                                                                        • Unable to get a temp file for script output, temp path: , xrefs: 00D5420F
                                                                                                                                                                        • Unable to retrieve exit code from process., xrefs: 00D54481
                                                                                                                                                                        • ps1, xrefs: 00D541A6, 00D541B8, 00D541C2
                                                                                                                                                                        • Unable to retrieve PowerShell output from file: , xrefs: 00D5445E
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDlgItem.USER32(?,000001F6), ref: 00D26D0E
                                                                                                                                                                        • GetDlgItem.USER32(?,000001F8), ref: 00D26D1B
                                                                                                                                                                        • GetDlgItem.USER32(?,000001F7), ref: 00D26D6C
                                                                                                                                                                        • SetWindowTextW.USER32(00000000,00000000), ref: 00D26D7B
                                                                                                                                                                        • ShowWindow.USER32(?,00000005), ref: 00D26DE1
                                                                                                                                                                        • GetDlgItem.USER32(?,000001F7), ref: 00D26E03
                                                                                                                                                                        • SetWindowTextW.USER32(00000000,00000000), ref: 00D26E12
                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00D26E77
                                                                                                                                                                        • ShowWindow.USER32(?,00000000), ref: 00D26E7E
                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000616), ref: 00D26EC7
                                                                                                                                                                        • GetDlgItem.USER32(?,00000000), ref: 00D26EF9
                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00D26F03
                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,10C25DE5,01F66800,76FF0000,E815FF24,00000014,?,00000000,?,?,00000616), ref: 00D26F50
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Item$Show$Text
                                                                                                                                                                        • String ID: Details <<$Details >>
                                                                                                                                                                        • API String ID: 2476474966-3763984547
                                                                                                                                                                        • Opcode ID: 8ade747cfbc15d7d561ac15c2d254b630d8e7d1d331978070332d4af72716e5d
                                                                                                                                                                        • Instruction ID: 5768a03ed723b2e262a7cb2a40492aac9ee0626f454badf965a5ccf3020d784c
                                                                                                                                                                        • Opcode Fuzzy Hash: 8ade747cfbc15d7d561ac15c2d254b630d8e7d1d331978070332d4af72716e5d
                                                                                                                                                                        • Instruction Fuzzy Hash: 8B91AD71D00219AFDF049FA8ED95BAEBBB1EF18314F148229F511B7690D731A891CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D1E740: LoadLibraryW.KERNEL32(ComCtl32.dll,6C34C19C,?,?,00000000), ref: 00D1E77E
                                                                                                                                                                          • Part of subcall function 00D1E740: GetProcAddress.KERNEL32(00000000,LoadIconMetric), ref: 00D1E7A1
                                                                                                                                                                          • Part of subcall function 00D1E740: FreeLibrary.KERNEL32(00000000), ref: 00D1E81F
                                                                                                                                                                        • GetDlgItem.USER32(?,000001F4), ref: 00D26A01
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000170,00000000,00000000), ref: 00D26A12
                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00D26A1A
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00D26A21
                                                                                                                                                                        • MulDiv.KERNEL32(00000009,00000000), ref: 00D26A2A
                                                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,Courier New), ref: 00D26A53
                                                                                                                                                                        • GetDlgItem.USER32(?,000001F6), ref: 00D26A64
                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00D26A6D
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,?,00000000), ref: 00D26A84
                                                                                                                                                                        • GetDlgItem.USER32(?,000001F8), ref: 00D26A8E
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D26A9F
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00D26AB2
                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00D26AC2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$ItemRect$LibraryMessageSend$AddressCapsCreateDeviceFontFreeLoadProc
                                                                                                                                                                        • String ID: Courier New
                                                                                                                                                                        • API String ID: 1731048342-2572734833
                                                                                                                                                                        • Opcode ID: 0324713b5ac8bea7a59bafdcb1261090a078db26564084709ec7f4f4afb0d688
                                                                                                                                                                        • Instruction ID: 9d330a198a3942b6be1a22171f72093e40fb739b9ca4550e0251eac9f4f8ecd6
                                                                                                                                                                        • Opcode Fuzzy Hash: 0324713b5ac8bea7a59bafdcb1261090a078db26564084709ec7f4f4afb0d688
                                                                                                                                                                        • Instruction Fuzzy Hash: 0A41E671B843087FFB149F259D42FBE7BA9EF58B04F000529BB05BA1C1DAB1AC448B64
                                                                                                                                                                        APIs
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,6C34C19C), ref: 00D4E152
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,6C34C19C), ref: 00D4E163
                                                                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000014), ref: 00D4E1D8
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D4E1F6
                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00D4E207
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D4E226
                                                                                                                                                                        • LocalFree.KERNEL32(00000000), ref: 00D4E237
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,?), ref: 00D4E260
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,6C34C19C), ref: 00D4E2B4
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,6C34C19C), ref: 00D4E317
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,Everyone,10000000,00000000,6C34C19C), ref: 00D4E321
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Local$Free$ErrorLast$AllocCreateDirectory
                                                                                                                                                                        • String ID: Everyone
                                                                                                                                                                        • API String ID: 2702579218-3285609282
                                                                                                                                                                        • Opcode ID: 21bb4fde3c6b9f5333270386c26ae63e05f68d3e7b4c11b12a8723db53f6169c
                                                                                                                                                                        • Instruction ID: 578330f4602288c8240fea8d52ce776f175f96af8a60dddae2b2bcd6d6d6de46
                                                                                                                                                                        • Opcode Fuzzy Hash: 21bb4fde3c6b9f5333270386c26ae63e05f68d3e7b4c11b12a8723db53f6169c
                                                                                                                                                                        • Instruction Fuzzy Hash: A49109B0E01249ABEF24DFE5D988BDEBBB8BF04704F144119E511BB290DBB59908CF61
                                                                                                                                                                        APIs
                                                                                                                                                                        • SendMessageW.USER32(?,00000318,00000000,00000004), ref: 00C36537
                                                                                                                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 00C36545
                                                                                                                                                                        • SendMessageW.USER32(?,00001304,00000000,00000000), ref: 00C3655F
                                                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00C36577
                                                                                                                                                                        • SendMessageW.USER32(?,0000130A,00000000,?), ref: 00C365A8
                                                                                                                                                                        • CreateRectRgn.GDI32(?,?,?,?), ref: 00C365E2
                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00C365F9
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C36615
                                                                                                                                                                        • CreateRectRgn.GDI32(00000000,00000000,?,?), ref: 00C36640
                                                                                                                                                                        • CreateRectRgn.GDI32(?,?,?,?), ref: 00C3665D
                                                                                                                                                                        • SelectClipRgn.GDI32(00000000,00000000), ref: 00C36674
                                                                                                                                                                        • GetParent.USER32(?), ref: 00C36684
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000136,?,?), ref: 00C36695
                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00C366AB
                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00C366B0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageRectSend$Create$DeleteObject$ClientClipParentSelect
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1236051970-0
                                                                                                                                                                        • Opcode ID: 2ac753250ca29493101baf290f3cb3adae2318d7ab60a0b1dbcd091171bbdc88
                                                                                                                                                                        • Instruction ID: 1e95f60ca82b0bb63d5ccf7e688cb2853cc7808bf714c9135d0c053958842eaf
                                                                                                                                                                        • Opcode Fuzzy Hash: 2ac753250ca29493101baf290f3cb3adae2318d7ab60a0b1dbcd091171bbdc88
                                                                                                                                                                        • Instruction Fuzzy Hash: 14610771904618AFDB119FA5CD49FEEBBB9FF08710F140129F665AB2A0C7716905CF50
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,6C34C19C), ref: 00D382D9
                                                                                                                                                                        • IsWow64Process.KERNEL32(00000000), ref: 00D382E0
                                                                                                                                                                          • Part of subcall function 00D1AB00: _wcsrchr.LIBVCRUNTIME ref: 00D1AB39
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00D38361
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00D383F7
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _wcsrchr$Process$CurrentWow64
                                                                                                                                                                        • String ID: "%s" $ /fvomus //$ /i //$ /p //$ EXE_CMD_LINE="%s "$ TRANSFORMS=":%d"$%s AI_SETUPEXEPATH="%s" SETUPEXEDIR="%s"$.x64
                                                                                                                                                                        • API String ID: 657290924-2074823060
                                                                                                                                                                        • Opcode ID: 57515693d14beaf290a4ec911e8836db54d4378d9872ecc201c8add6dca7bbc5
                                                                                                                                                                        • Instruction ID: f1aa877968367c3bf8a9867ac4b0da12bbf2c5319f293a033eab0ae2ea9a60f2
                                                                                                                                                                        • Opcode Fuzzy Hash: 57515693d14beaf290a4ec911e8836db54d4378d9872ecc201c8add6dca7bbc5
                                                                                                                                                                        • Instruction Fuzzy Hash: EBF1B171A017069FDB10DF68C845BAEBBA5FF45310F188668F815AB2D2DB74DD04DBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00EC9384,6C34C19C,?,00000010), ref: 00D4CF9C
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00000010,6C34C19C,?,00000010), ref: 00D4CFA9
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,000000FF,00000000), ref: 00D4CFDB
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,?,000000FF,00000000), ref: 00D4CFE4
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00D42D47,9384B9EC,00E25BDD,00000000,00E4443C,00000001,?,?,000000FF,00000000), ref: 00D4D066
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,?,000000FF,00000000), ref: 00D4D06F
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 00D4D0A5
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 00D4D0AE
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,?,00000000,00E46D60,00000002,?,?,?,00000000,?,?,000000FF,00000000), ref: 00D4D10F
                                                                                                                                                                        • FlushFileBuffers.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 00D4D118
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00000000,?,?,?,00000000,?,?,000000FF,00000000), ref: 00D4D148
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$BuffersFlushWrite$CriticalSection$AllocateEnterFindHeapInitializeLeaveResource
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 201293332-3261393531
                                                                                                                                                                        • Opcode ID: c6a11fc4617ab6e482c04cc5ee89078e816784db7d1bae8c71f993e01947c8cd
                                                                                                                                                                        • Instruction ID: 5ad05c3446563fb34ca2e1d5ca0ab0bd967a76f48cbcaccfa9d9e394d2e39a99
                                                                                                                                                                        • Opcode Fuzzy Hash: c6a11fc4617ab6e482c04cc5ee89078e816784db7d1bae8c71f993e01947c8cd
                                                                                                                                                                        • Instruction Fuzzy Hash: 3D61BD31A01648AFDB00DF69CD49BAABFB5FF45310F148198F905A72A2D7719918DFA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00C76CF7
                                                                                                                                                                        • GetParent.USER32 ref: 00C76D0D
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C76D18
                                                                                                                                                                        • GetParent.USER32(?), ref: 00C76D20
                                                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 00C76D2F
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C76D38
                                                                                                                                                                        • MapWindowPoints.USER32(00000002,00000000,?,00000002), ref: 00C76D44
                                                                                                                                                                        • GetWindow.USER32(?,00000004), ref: 00C76D52
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C76D60
                                                                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00C76D6D
                                                                                                                                                                        • MonitorFromWindow.USER32(?,00000002), ref: 00C76D85
                                                                                                                                                                        • GetMonitorInfoW.USER32(00000000,00000004), ref: 00C76D9F
                                                                                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,000000FF,000000FF,00000015), ref: 00C76E4D
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Rect$ClientLongMonitorParent$FromInfoPoints
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3127921553-0
                                                                                                                                                                        • Opcode ID: 3d6af355cad151d37968a030761918dc924e81879a28b9be27d32ddbb5ea35da
                                                                                                                                                                        • Instruction ID: 758961b0294a0f5c9b66e4ed4605d2f2e780738861d042e3c70fa0829fe49dbe
                                                                                                                                                                        • Opcode Fuzzy Hash: 3d6af355cad151d37968a030761918dc924e81879a28b9be27d32ddbb5ea35da
                                                                                                                                                                        • Instruction Fuzzy Hash: C6514D72E045199FDB20CFA9CD45EEEBBB9EB48710F254229E815B3294DB31AD05CF90
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D43C70: GetSystemDefaultLangID.KERNEL32(6C34C19C,?,?,?,?), ref: 00D43CA6
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process2,?,?,?,?,00000000), ref: 00D295D3
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00D295DA
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D295F1
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,?,?,00000000), ref: 00D29610
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCurrentDefaultHandleInit_thread_footerLangModuleProcProcessSystem
                                                                                                                                                                        • String ID: IsWow64Process2$No acceptable version found. It must be installed from package.$Search result:$Searching for:$Undefined$Wrong OS or Os language for:$kernel32
                                                                                                                                                                        • API String ID: 52476621-3263831601
                                                                                                                                                                        • Opcode ID: 1da2a57152f0ef283168c710f299d98e51d0cfd2901ea7ad1c4ec8f61f5c2f99
                                                                                                                                                                        • Instruction ID: 6ffb9b11a8a73f5db5bbcb7586a8e25b6f87ac2e68f1648350e1ed79d5e2efc7
                                                                                                                                                                        • Opcode Fuzzy Hash: 1da2a57152f0ef283168c710f299d98e51d0cfd2901ea7ad1c4ec8f61f5c2f99
                                                                                                                                                                        • Instruction Fuzzy Hash: 95F1B070A006148FCB10DFA8D8A5B9EF7F1FF54328F18425DE466AB291DB31A946CF60
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00EC944C,6C34C19C,?,?,00000000), ref: 00D24852
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,6C34C19C,?,?,00000000,?,?,?,?,?,00000000,00E1D8F7,000000FF), ref: 00D24864
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,00000000,00E1D8F7,000000FF), ref: 00D24871
                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 00D2487C
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,00E4446C,00000000), ref: 00D24AAE
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000), ref: 00D24BDC
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Current$EnterHandleInitializeLeaveModuleProcessThread
                                                                                                                                                                        • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$MODULE_BASE_ADDRESS$[0x%.8Ix]
                                                                                                                                                                        • API String ID: 3051236879-1086252000
                                                                                                                                                                        • Opcode ID: f7872d6023d12c053081402fcd4236a05a02abc70caa9ea170caa577fbdef6c1
                                                                                                                                                                        • Instruction ID: 520cefd3f46ea1470145fbc764a34bf2d82ca6e3bfb15e1a4f25319be088bd9a
                                                                                                                                                                        • Opcode Fuzzy Hash: f7872d6023d12c053081402fcd4236a05a02abc70caa9ea170caa577fbdef6c1
                                                                                                                                                                        • Instruction Fuzzy Hash: 78D1AB71A003889FDF29DF64DC59BEE7BB8EF45308F104158E959AB281D7755B08CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(00EC944C,6C34C19C,?,?,00000000), ref: 00D24852
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,6C34C19C,?,?,00000000,?,?,?,?,?,00000000,00E1D8F7,000000FF), ref: 00D24864
                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,00000000,?,?,?,?,?,00000000,00E1D8F7,000000FF), ref: 00D24871
                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 00D2487C
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,*** Stack Trace (x86) ***,0000001F,?,00E4446C,00000000), ref: 00D24AAE
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,00000000), ref: 00D24BDC
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Current$EnterHandleInitializeLeaveModuleProcessThread
                                                                                                                                                                        • String ID: *** Stack Trace (x86) ***$ v$<--------------------MORE--FRAMES-------------------->$MODULE_BASE_ADDRESS$[0x%.8Ix]
                                                                                                                                                                        • API String ID: 3051236879-1086252000
                                                                                                                                                                        • Opcode ID: 6f70517e235a13c6f7752112e03f2fd5e4f50a598bce5c874a55c9a1efd6acbe
                                                                                                                                                                        • Instruction ID: 2801e6239ae13add6c69892ce5f11d78dd4b73c61b6eb0435b38107981d8b25f
                                                                                                                                                                        • Opcode Fuzzy Hash: 6f70517e235a13c6f7752112e03f2fd5e4f50a598bce5c874a55c9a1efd6acbe
                                                                                                                                                                        • Instruction Fuzzy Hash: 1AB1AA719003889FDF29DF64DC59BEE7BB8EF45308F004158E959AB282DB755B09CB60
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000063,80000000,80000000,80000000,80000000,?,00000000,00000000,6C34C19C), ref: 00C34E38
                                                                                                                                                                          • Part of subcall function 00C168F0: SetWindowLongW.USER32(?,000000FC,00000000), ref: 00C16926
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00C34F3B
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000439,00000000,0000002C), ref: 00C34F4F
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000421,00000003,?), ref: 00C34F64
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,0000012C), ref: 00C34F79
                                                                                                                                                                        • SendMessageW.USER32(?,000000D6,-00000001,00000000), ref: 00C34F90
                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00C34FB0
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C34FC2
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000412,00000000), ref: 00C35024
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000411,00000001,0000002C), ref: 00C35034
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$Window$ClientCreateLongRectScreen
                                                                                                                                                                        • String ID: tooltips_class32
                                                                                                                                                                        • API String ID: 1468030502-1918224756
                                                                                                                                                                        • Opcode ID: c605e7e20746df0ae1e397450403045029a52bbee1478bf3561cae969a07d0c2
                                                                                                                                                                        • Instruction ID: eafe43bd7d21942ab2c418496507785e3eb1189fc36343276969872e962b7ba5
                                                                                                                                                                        • Opcode Fuzzy Hash: c605e7e20746df0ae1e397450403045029a52bbee1478bf3561cae969a07d0c2
                                                                                                                                                                        • Instruction Fuzzy Hash: E0913C71A00608AFDB14CFA5CC95FEEBBF8FB08300F10852AE556EA290D775A905CF50
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C1F914
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C1F9F3
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C1FA05
                                                                                                                                                                        • GetWindowDC.USER32(?), ref: 00C1FA17
                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00C1FA44
                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000), ref: 00C1FA86
                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00C1FA95
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: RectWindow$CompatibleCreate$BitmapClientObjectSelect
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2032541772-0
                                                                                                                                                                        • Opcode ID: 581bb27e27250984c7fc086468589b69ad001fd0b04ad9e8e93c7d0106dd0c1a
                                                                                                                                                                        • Instruction ID: b7d8258eb9ced705f0086644b7266a5d203dacc0eecef3de011b0385bd9d9021
                                                                                                                                                                        • Opcode Fuzzy Hash: 581bb27e27250984c7fc086468589b69ad001fd0b04ad9e8e93c7d0106dd0c1a
                                                                                                                                                                        • Instruction Fuzzy Hash: 50E15871D04258EFDB20CFA9C948BAEBBF8EF09700F1042A9E859B7251D7716A85DF50
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 357621fc78684d18983f7a089ffb5bd79a2e7a9533182a960d008e52b58b3b7b
                                                                                                                                                                        • Instruction ID: 5bbf6bbef88750120032e912782a11605b14d048a2289115113328d91df031db
                                                                                                                                                                        • Opcode Fuzzy Hash: 357621fc78684d18983f7a089ffb5bd79a2e7a9533182a960d008e52b58b3b7b
                                                                                                                                                                        • Instruction Fuzzy Hash: 74A1FE72600205EFDF10AF65DC95FAABBA4EF48312F144169FD09AB292DB75D809CB70
                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC957C,6C34C19C,00000000,?,?,?,?,?,?,00C1487E,00DDF9CD,000000FF), ref: 00C1508D
                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00C15108
                                                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00C151AE
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC957C), ref: 00C15203
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalCursorLoadSection$EnterLeave
                                                                                                                                                                        • String ID: v$0$AtlAxWin140$AtlAxWinLic140$WM_ATLGETCONTROL$WM_ATLGETHOST
                                                                                                                                                                        • API String ID: 3727441302-556780245
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C154EE
                                                                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 00C1550D
                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00C15514
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C1556F
                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00C15588
                                                                                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00C15595
                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00C155A7
                                                                                                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 00C155D0
                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00C155DA
                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00C15622
                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00C15629
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ObjectRect$Delete$ClientCompatibleCreateFillSelect$Bitmap
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 441990398-0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000000,?,?,?,?), ref: 00D4EDBA
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        • ResetEvent.KERNEL32(00000000,6C34C19C,?,?,00000000,00E2614D,000000FF,?,80004005), ref: 00D4EE4F
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000,00E2614D,000000FF,?,80004005), ref: 00D4EE6F
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000,00E2614D,000000FF,?,80004005), ref: 00D4EE7A
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HeapInit_thread_footerObjectSingleWait$AllocateDeleteEventFileFindProcessResetResource
                                                                                                                                                                        • String ID: TEST$http://www.example.com$http://www.google.com$http://www.yahoo.com$tin9999.tmp
                                                                                                                                                                        • API String ID: 3248508590-625802988
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00CD7A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00CD7A51
                                                                                                                                                                        • GetLastError.KERNEL32(6C34C19C,?,?,?,00E2602D,000000FF,?,00D32852,?), ref: 00D4E79D
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 00D4E92D
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetPackagePath), ref: 00D4E986
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,00E2602D,000000FF,?,00D32852,?), ref: 00D4EA74
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$DirectoryErrorFreeLastLibrarySystem
                                                                                                                                                                        • String ID: GetPackagePath$Kernel32.dll$neutral$x64$x86
                                                                                                                                                                        • API String ID: 2155880084-4043905686
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00D25290: LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,00D30731,?,6C34C19C,?,?), ref: 00D252AB
                                                                                                                                                                          • Part of subcall function 00D25290: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00D252C1
                                                                                                                                                                          • Part of subcall function 00D25290: FreeLibrary.KERNEL32(00000000), ref: 00D252FA
                                                                                                                                                                        • GetEnvironmentVariableW.KERNEL32(APPDATA,?,00000104,6C34C19C,?,?), ref: 00D30910
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Library$AddressEnvironmentFreeLoadProcVariable
                                                                                                                                                                        • String ID: AI_BOOTSTRAPPERLANGS$APPDATA$AppDataFolder$PROGRAMFILES$ProgramFiles$ProgramFilesFolder$Shell32.dll$Shlwapi.dll
                                                                                                                                                                        • API String ID: 788177547-1020860216
                                                                                                                                                                        APIs
                                                                                                                                                                        • SendMessageW.USER32(?,0000043A,00000000,00000074), ref: 00C339E5
                                                                                                                                                                        • lstrcpynW.KERNEL32(?,?,00000020), ref: 00C33A5B
                                                                                                                                                                        • GetDC.USER32(?), ref: 00C33A7E
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00C33A85
                                                                                                                                                                        • MulDiv.KERNEL32(?,00000048,00000000), ref: 00C33A98
                                                                                                                                                                        • SendMessageW.USER32(?,00000444,00000000,00000074), ref: 00C33ACA
                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00C33B06
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$CapsDeleteDeviceObjectlstrcpyn
                                                                                                                                                                        • String ID: ?$t
                                                                                                                                                                        • API String ID: 2619291461-1995845436
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EB), ref: 00D26811
                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00D26869
                                                                                                                                                                        • EndDialog.USER32(?,00000000), ref: 00D268E9
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
• Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DeleteDialogLongObjectWindow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        APIs
                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 00CB3A1A
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00CB3A32
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00CB3A4A
                                                                                                                                                                        • IntersectRect.USER32(?,?,?), ref: 00CB3A67
                                                                                                                                                                        • EqualRect.USER32(?,?), ref: 00CB3A77
                                                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00CB3A8D
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00CB3AB6
                                                                                                                                                                        • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 00CB3ACB
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00CB3ADA
                                                                                                                                                                        • SetBrushOrgEx.GDI32(?,?,?,00000000), ref: 00CB3AF8
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Rect$Brush$ColorEqualIntersectLongPointsVisible
                                                                                                                                                                        • String ID:
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDC.USER32(?), ref: 00C18D81
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C18DA8
                                                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00C18DB8
                                                                                                                                                                        • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00C18DD9
                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 00C18DE6
                                                                                                                                                                        • FillRect.USER32(?,?,00000006), ref: 00C18E2A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CompatibleCreateRect$BitmapClientDeleteFill
                                                                                                                                                                        • String ID:
                                                                                                                                                                        APIs
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C13335
                                                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 00C13349
                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00C13384
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C133DA
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C133E4
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C133EE
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C133FB
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Strings
                                                                                                                                                                        • <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>, xrefs: 00C1347B
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Variant$Clear$AllocAllocateHeapInitString
                                                                                                                                                                        • String ID: <body><h3 style="color:green;">Error loading resource:</h3><p style="white-space:nowrap">"%s"</p></body>
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,?,ps1,ps1,00000003,?,00D330A8), ref: 00D53FE3
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 00D54027
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 00D54044
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D5405E
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,00000000), ref: 00D5409D
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$CloseHandleInit_thread_footerWrite$CreateFindHeapProcessResource
                                                                                                                                                                        • String ID: Unable to get temp file $Unable to save script file $ps1
                                                                                                                                                                        APIs
                                                                                                                                                                        • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,00DDB3CF), ref: 00DDA658
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: DecodePointer
                                                                                                                                                                        • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetSystemDefaultLangID.KERNEL32 ref: 00D42DFC
                                                                                                                                                                        • GetUserDefaultLangID.KERNEL32 ref: 00D42E09
                                                                                                                                                                        • LoadLibraryW.KERNEL32(kernel32.dll), ref: 00D42E1B
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemDefaultUILanguage), ref: 00D42E2F
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 00D42E44
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressDefaultLangProc$LibraryLoadSystemUser
                                                                                                                                                                        • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: .dll$CoIncrementMTAUsage$DllGetActivationFactory$RoGetActivationFactory$Windows.Foundation.Uri$combase.dll$lD
                                                                                                                                                                        APIs
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00DB8437
                                                                                                                                                                        • ___except_validate_context_record.LIBVCRUNTIME ref: 00DB843F
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00DB84C8
                                                                                                                                                                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00DB84F3
                                                                                                                                                                        • _ValidateLocalCookies.LIBCMT ref: 00DB8548
                                                                                                                                                                        • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00DB855E
                                                                                                                                                                        • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00DB8573
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                                                                                                                                        • String ID: csm
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • CreateThread.KERNEL32(00000000,00000000,00C45970,00E48DD8,00000000,?), ref: 00C458EA
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00C45903
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00C45919
                                                                                                                                                                        • CoInitializeEx.COMBASE(00000000,00000000), ref: 00C459C9
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,00000000), ref: 00C45ACB
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000), ref: 00C45AD1
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,00000000), ref: 00C45B4A
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000), ref: 00C45B50
                                                                                                                                                                        • CoUninitialize.COMBASE ref: 00C45CA7
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$Process$FreeInit_thread_footer$CloseCreateHandleInitializeObjectSingleThreadUninitializeWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00C3DD0A
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00C3DD2C
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00C3DD54
                                                                                                                                                                        • __Getctype.LIBCPMT ref: 00C3DE35
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00C3DE97
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00C3DEC1
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                                                        • String ID: Pok
                                                                                                                                                                        • API String ID: 1102183713-2885171226
                                                                                                                                                                        • Opcode ID: 156cd45e73c118118cdbdc21cce2d279f3c5b1b02c806b05977b369f69bcb7d7
                                                                                                                                                                        • Instruction ID: 7df1efef9e201b16d934f86497e69cb7043b08b5589f27128d5c3cd180b317cf
                                                                                                                                                                        • Opcode Fuzzy Hash: 156cd45e73c118118cdbdc21cce2d279f3c5b1b02c806b05977b369f69bcb7d7
                                                                                                                                                                        • Instruction Fuzzy Hash: 7A61CDB1C04609CFDB10CF59D941BAEBBF0FF14310F148299D856AB392E771AA85CBA1
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetLastError.KERNEL32(0000000E,6C34C19C,?,?,00000000,?), ref: 00C186BE
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00C186FF
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC957C), ref: 00C1871F
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC957C), ref: 00C18743
                                                                                                                                                                        • CreateWindowExW.USER32(00000000,00000000,00000000,00EC957C,?,80000000,00000000,80000000,00000000,00000000,00000000), ref: 00C1879E
                                                                                                                                                                          • Part of subcall function 00DB4245: GetProcessHeap.KERNEL32(00000008,00000008,00000000,00D435FE,?,?,?,?,?,?), ref: 00DB424A
                                                                                                                                                                          • Part of subcall function 00DB4245: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?), ref: 00DB4251
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalHeapSection$AllocCreateCurrentEnterErrorLastLeaveProcessThreadWindow
                                                                                                                                                                        • String ID: v$AXWIN UI Window
                                                                                                                                                                        • API String ID: 213679520-2690018532
                                                                                                                                                                        • Opcode ID: e93d5fc08b5efb5208f8b0d2499835f8e9a2af2f04257729e9b0c427a7cdd42f
                                                                                                                                                                        • Instruction ID: ff06de40292eb995fa9b7fc64691d1c40c05e846e738c1b583159ce914b2a9fa
                                                                                                                                                                        • Opcode Fuzzy Hash: e93d5fc08b5efb5208f8b0d2499835f8e9a2af2f04257729e9b0c427a7cdd42f
                                                                                                                                                                        • Instruction Fuzzy Hash: 8D51E472604305AFDB10CF55DD05F9ABBF5FB49B10F104129F914A7281D772A919DBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00C1C7BF
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        • CreateFileW.KERNEL32(00000000,40000000,00000001,00000000,00000002,00000080,00000000,?,6C34C19E), ref: 00C1C813
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00C1C870
                                                                                                                                                                          • Part of subcall function 00DB4BA2: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BAD
                                                                                                                                                                          • Part of subcall function 00DB4BA2: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BEA
                                                                                                                                                                        • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,00000000,?), ref: 00C1C8D4
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,753CE610), ref: 00C1C8FA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CloseEnterFileHandleLeave$ConditionCreateInit_thread_footerVariableWakeWrite
                                                                                                                                                                        • String ID: aix$html
                                                                                                                                                                        • API String ID: 2030708724-2369804267
                                                                                                                                                                        • Opcode ID: bfdd47898308420fcc0e003546ed1e948c774558f61f58f148bcd41934e33e1e
                                                                                                                                                                        • Instruction ID: 416531e931179ac71b7e156265c7d5aa3442465308cf572329975a0d285688e9
                                                                                                                                                                        • Opcode Fuzzy Hash: bfdd47898308420fcc0e003546ed1e948c774558f61f58f148bcd41934e33e1e
                                                                                                                                                                        • Instruction Fuzzy Hash: 4F618CB0900248DFEB15CF95D989B9EBBB4EB45708F10416DE001BB2C2DBB66949CF65
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(00EC9358,00000000,6C34C19C,00000000,00E184A3,000000FF,?,6C34C19C), ref: 00C029D3
                                                                                                                                                                        • GetLastError.KERNEL32(?,6C34C19C), ref: 00C029DD
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalErrorInitializeLastSectionSpin
                                                                                                                                                                        • String ID: VolumeCostAvailable$VolumeCostDifference$VolumeCostRequired$VolumeCostSize$VolumeCostVolume
                                                                                                                                                                        • API String ID: 439134102-34576578
                                                                                                                                                                        • Opcode ID: cb8baa6d874891111c75a3b3a9f72159f77dcf00bc64ba53de0b52812faa2997
                                                                                                                                                                        • Instruction ID: 8d7f97dc8f23969d2928a73552b144bc6ba46bed8dffa50002e9322b4dc28ad6
                                                                                                                                                                        • Opcode Fuzzy Hash: cb8baa6d874891111c75a3b3a9f72159f77dcf00bc64ba53de0b52812faa2997
                                                                                                                                                                        • Instruction Fuzzy Hash: C951BEB1900248DFCB10CF6AD90ABDEBBF4FB44710F104669E825B72D1E7765A09CB61
                                                                                                                                                                        APIs
                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,?,?), ref: 00D60950
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shell32.dll), ref: 00D60963
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 00D60973
                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00D609FC
                                                                                                                                                                        • SHGetMalloc.SHELL32(?), ref: 00D60A3E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressFolderFromLibraryListLoadLocationMallocPathProcSpecial
                                                                                                                                                                        • String ID: SHGetSpecialFolderPathW$Shell32.dll
                                                                                                                                                                        • API String ID: 2352187698-2988203397
                                                                                                                                                                        • Opcode ID: ee72bf0733abeb82169676d974908d4e563f2fca91bf0445c393b15574675224
                                                                                                                                                                        • Instruction ID: 2a7669d21479418422dc4d14efd4b8dcfdf986f61fddb45b113e4ce391b8f9d1
                                                                                                                                                                        • Opcode Fuzzy Hash: ee72bf0733abeb82169676d974908d4e563f2fca91bf0445c393b15574675224
                                                                                                                                                                        • Instruction Fuzzy Hash: EE31D371A407019FEB249F24DC09B6B7EF6FF84711F4C842DE48597291EBB19849CAA1
                                                                                                                                                                        APIs
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00CFA560
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        • GetProcAddress.KERNEL32(SetWindowTheme), ref: 00CFA59D
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00CFA5B4
                                                                                                                                                                        • SendMessageW.USER32(000000EF,00001036,00010000,00010000), ref: 00CFA5DF
                                                                                                                                                                          • Part of subcall function 00DB4BA2: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BAD
                                                                                                                                                                          • Part of subcall function 00DB4BA2: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BEA
                                                                                                                                                                          • Part of subcall function 00CD7A10: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 00CD7A51
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterInit_thread_footerLeave$AddressConditionDirectoryMessageProcSendSystemVariableWake
                                                                                                                                                                        • String ID: SetWindowTheme$UxTheme.dll$explorer
                                                                                                                                                                        • API String ID: 3410024541-3123591815
                                                                                                                                                                        • Opcode ID: a4b80d67ae8c53119bd7759bc4f15a7e35ae7e7b5355ac894fbfb52af999db15
                                                                                                                                                                        • Instruction ID: 199c0e179515f4fa973d0c8fd03dc8ab447e63a6103af0f22dd646352417f873
                                                                                                                                                                        • Opcode Fuzzy Hash: a4b80d67ae8c53119bd7759bc4f15a7e35ae7e7b5355ac894fbfb52af999db15
                                                                                                                                                                        • Instruction Fuzzy Hash: 6821D5B2A40704EFC714DF55DD06F99B7A0E702720F010225FA35B73E2D776AA458A66
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00DB1997,00DB18FA,00DB1B9B), ref: 00DB1933
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00DB1949
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00DB195E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                                                                        • String ID: 0z$AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                        • API String ID: 667068680-61002706
                                                                                                                                                                        • Opcode ID: d65b75cd8ede301ed5ae86000ed0901852abf970e39b23dd305c5a869e0ad6a6
                                                                                                                                                                        • Instruction ID: c7ec24b93f60a935fe8f9278de4e9da091fd4e2523a8e99f65458a031c52e743
                                                                                                                                                                        • Opcode Fuzzy Hash: d65b75cd8ede301ed5ae86000ed0901852abf970e39b23dd305c5a869e0ad6a6
                                                                                                                                                                        • Instruction Fuzzy Hash: 61F0C8397092A1EF0F215FA15DB5AFA66DA5B017903481039D8A3F3600D791CD45DEF1
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C1F74A
                                                                                                                                                                        • GetWindow.USER32(?,00000005), ref: 00C1F757
                                                                                                                                                                        • GetWindow.USER32(00000000,00000002), ref: 00C1F892
                                                                                                                                                                          • Part of subcall function 00C1F5A0: GetWindowRect.USER32(?,?), ref: 00C1F5CC
                                                                                                                                                                          • Part of subcall function 00C1F5A0: GetWindowRect.USER32(?,?), ref: 00C1F5DC
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C1F7EB
                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00C1F7FB
                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00C1F815
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$Rect
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3200805268-0
                                                                                                                                                                        • Opcode ID: e81c9c02c5507d90f6f9add5a427f701a6bb6a9c3ac9ef7230238ca1758833fb
                                                                                                                                                                        • Instruction ID: 6eab4d88b8fe33867ec1a9ad537c9c0b7dff95f9382314a650d09f8bf2cbbcab
                                                                                                                                                                        • Opcode Fuzzy Hash: e81c9c02c5507d90f6f9add5a427f701a6bb6a9c3ac9ef7230238ca1758833fb
                                                                                                                                                                        • Instruction Fuzzy Hash: A4419E315047009FD321DF25C980AABF7E9BF9B704F504A2DF195935A1EB30E98ADB52
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetCurrentProcess.KERNEL32 ref: 00D1CFD8
                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00D1CFE5
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D1CFEF
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),00000000,00000000,000000FF), ref: 00D1D019
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D1D01F
                                                                                                                                                                        • GetTokenInformation.ADVAPI32(00000000,00000001(TokenIntegrityLevel),000000FF,000000FF,000000FF,000000FF), ref: 00D1D045
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D1D0D0
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Token$ErrorInformationLastProcess$CloseCurrentHandleOpen
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 883865835-0
                                                                                                                                                                        • Opcode ID: 8a6f8a9c7a5bc0b317f4dd6f0eb033241a7290d33e1bd49dce25e3a1a62b91b1
                                                                                                                                                                        • Instruction ID: 3adc27e13bc65a90203882c644122b9168395ad5db700627c3c3d4025d476123
                                                                                                                                                                        • Opcode Fuzzy Hash: 8a6f8a9c7a5bc0b317f4dd6f0eb033241a7290d33e1bd49dce25e3a1a62b91b1
                                                                                                                                                                        • Instruction Fuzzy Hash: 23411371904219AFDF14DFA5DC49BEEBBB9EF08710F144015E811B22A0DBB99949CFA4
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,0000000D,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4107
                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB410E
                                                                                                                                                                          • Part of subcall function 00DB41D9: IsProcessorFeaturePresent.KERNEL32(0000000C,00DB40F5,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB41DB
                                                                                                                                                                        • InterlockedPopEntrySList.KERNEL32(00000000,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB411E
                                                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4145
                                                                                                                                                                        • RaiseException.KERNEL32(C0000017,00000000,00000000,00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB4159
                                                                                                                                                                        • InterlockedPopEntrySList.KERNEL32(00000000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB416C
                                                                                                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00DB428D,?,?,?,?,?,?,?), ref: 00DB417F
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AllocEntryHeapInterlockedListVirtual$ExceptionFeatureFreePresentProcessProcessorRaise
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2460949444-0
                                                                                                                                                                        • Opcode ID: 5d4afbd43fc0916c737babdc2846984b63c97e1f28e75948e8e5c19ae852f8b1
                                                                                                                                                                        • Instruction ID: bf75ffa679f9e0edfd8cee112f023a89554793fda2b3aef6a9f8d9942ae36c5e
                                                                                                                                                                        • Opcode Fuzzy Hash: 5d4afbd43fc0916c737babdc2846984b63c97e1f28e75948e8e5c19ae852f8b1
                                                                                                                                                                        • Instruction Fuzzy Hash: 5D115E71F01715FFE7219B6DAC88FAB3A68EB547D1F140024F986F6262DB61CC448AB0
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,6C34C19C), ref: 00D1EBC9
                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00001000,?,00000000,00001000), ref: 00D1EC3B
                                                                                                                                                                        • ReadFile.KERNEL32(?,00000000,00001000,00000000,00000000,?,00000000,00000000), ref: 00D1EEDC
                                                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 00D1EF3A
                                                                                                                                                                          • Part of subcall function 00D1EA80: LoadStringW.USER32(000000A1,?,00000514,6C34C19C), ref: 00D1E9E6
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: File$Init_thread_footerRead$CloseCreateHandleHeapLoadProcessString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1714711150-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,Caphyon.AI.ExtUI.IEClickSoundRemover,6C34C19C), ref: 00C1C9CE
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00C1C9ED
                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,Function_0024446C,00000000,Function_0024446C,00000000,00000000,80000001,00000001,00000000,AppEvents\Schemes\Apps\Explorer\Navigating\.Current,00000033), ref: 00C1CC7D
                                                                                                                                                                        • CloseHandle.KERNEL32(00000005,6C34C19C,?,?,00000000,00DE0F5D,000000FF,?,Function_0024446C,00000000,Function_0024446C,00000000,00000000,80000001,00000001,00000000), ref: 00C1CD0E
                                                                                                                                                                        Strings
                                                                                                                                                                        • Caphyon.AI.ExtUI.IEClickSoundRemover, xrefs: 00C1C9C3
                                                                                                                                                                        • AppEvents\Schemes\Apps\Explorer\Navigating\.Current, xrefs: 00C1CA35
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$CreateErrorEventHandleLast
                                                                                                                                                                        • String ID: AppEvents\Schemes\Apps\Explorer\Navigating\.Current$Caphyon.AI.ExtUI.IEClickSoundRemover
                                                                                                                                                                        • API String ID: 1253123496-2079760225
                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC9338,6C34C19C,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DE0855), ref: 00C1AB2A
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(0000FFFF,00000104,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00DE0855), ref: 00C1ABAA
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC9354,?,?,?,?,?,?,?,?,?,?,?,00000000,00DE0855,000000FF), ref: 00C1AD63
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC9354,?,?,?,?,?,?,?,?,?,?,00000000,00DE0855,000000FF), ref: 00C1AD84
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Enter$FileLeaveModuleName
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 1807155316-3261393531
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleHandleW.KERNEL32(Advapi32.dll,?,6C34C19C), ref: 00D18ACE
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 00D18ADE
                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,000000FF,00000000,?,6C34C19C), ref: 00D18B13
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00D18B27
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressCloseHandleModuleOpenProc
                                                                                                                                                                        • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                                                                                                        • API String ID: 823179699-3913318428
                                                                                                                                                                        APIs
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C0F804
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C0F879
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,?), ref: 00C0F8E9
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,?), ref: 00C0F8EF
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,00000000,?,00000000,00000000,00000000,6C34C19C,00E5B768,00000000), ref: 00C0F91C
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000,6C34C19C,00E5B768,00000000), ref: 00C0F922
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C0F93A
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Free$Heap$String$Process
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2680101141-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CoCreateInstance.COMBASE(00E46214,00000000,00000001,Function_0024689C,?), ref: 00C16A20
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateInstance
                                                                                                                                                                        • String ID: :${
                                                                                                                                                                        • API String ID: 542301482-3766677574
                                                                                                                                                                        APIs
                                                                                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 00CFB7B6
                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00CFB834
                                                                                                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00CFB842
                                                                                                                                                                        • SetTextColor.GDI32(00000000), ref: 00CFB887
                                                                                                                                                                        • GetWindowLongW.USER32(00000000), ref: 00CFB89B
                                                                                                                                                                        • SendMessageW.USER32(00000000), ref: 00CFB8B9
                                                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 00CFB914
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ObjectSelectWindow$CallColorLongMessageModeProcSendText
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2603541667-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 00D1C9E6
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D1C9F7
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00D1CA13
                                                                                                                                                                        • GetExitCodeProcess.KERNEL32(00000000,00E1C5B7), ref: 00D1CA24
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00D1CA32
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseCodeErrorExecuteExitHandleLastObjectProcessShellSingleWait
                                                                                                                                                                        • String ID: open
                                                                                                                                                                        • API String ID: 1481985272-2758837156
                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC957C,6C34C19C,00000000,00EC9598), ref: 00C18193
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC957C), ref: 00C181F8
                                                                                                                                                                        • LoadCursorW.USER32(00C00000,?), ref: 00C18254
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC957C), ref: 00C182EB
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$Leave$CursorEnterLoad
                                                                                                                                                                        • String ID: v$ATL:%p
                                                                                                                                                                        • API String ID: 2080323225-109518622
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowDC.USER32(?,6C34C19C,?,00000000,?,?,?,?,?,00000000,00DE2BE5,000000FF,?,00C27692,?,?), ref: 00C27992
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00C279B1
                                                                                                                                                                        • IsWindowEnabled.USER32(?), ref: 00C279C0
                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00C27A1E
                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 00C27A62
                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00C27A71
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00C27A94
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ObjectWindow$DeleteSelect$EnabledRect
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2818206005-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • Wow64DisableWow64FsRedirection.KERNEL32(00000000,6C34C19C,00000010), ref: 00D1C767
                                                                                                                                                                        • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,6C34C19C,00E1C52D), ref: 00D1C7DF
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00D1C7F0
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00E1C52D,000000FF), ref: 00D1C80C
                                                                                                                                                                        • GetExitCodeProcess.KERNEL32(00E1C52D,00000000), ref: 00D1C81D
                                                                                                                                                                        • CloseHandle.KERNEL32(00E1C52D), ref: 00D1C827
                                                                                                                                                                        • Wow64RevertWow64FsRedirection.KERNEL32(00000000), ref: 00D1C842
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Wow64$ProcessRedirection$CloseCodeCreateDisableErrorExitHandleLastObjectRevertSingleWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1153077990-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNEL32(Shlwapi.dll,?,?,?,?,00D30731,?,6C34C19C,?,?), ref: 00D252AB
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00D252C1
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00D252FA
                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,?,00D30731,?,6C34C19C,?,?), ref: 00D25316
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Library$Free$AddressLoadProc
                                                                                                                                                                        • String ID: DllGetVersion$Shlwapi.dll
                                                                                                                                                                        • API String ID: 1386263645-2240825258
                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00C3DAFD
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00C3DB1F
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00C3DB47
                                                                                                                                                                        • __Getcoll.LIBCPMT ref: 00C3DC11
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00C3DC56
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00C3DC8E
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1184649410-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLast
                                                                                                                                                                        • String ID: */*$FTP Server$GET$HTTP/1.0$Local Network Server
                                                                                                                                                                        • API String ID: 1452528299-1822174798
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,00DB62FA,00DB62C6,?,?,00C3AEBD,00D19A40,?,00000008), ref: 00DB6311
                                                                                                                                                                        • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00DB631F
                                                                                                                                                                        • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00DB6338
                                                                                                                                                                        • SetLastError.KERNEL32(00000000,00DB62FA,00DB62C6,?,?,00C3AEBD,00D19A40,?,00000008), ref: 00DB638A
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3852720340-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00C088C5
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00C0893F
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                        • String ID: </a>$<a href="$<a>
                                                                                                                                                                        • API String ID: 1385522511-4210067781
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowExW.USER32(?,SysTabControl32,?,46010000,?,?,?,?,00000000,00000309,00000000), ref: 00C363BD
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00C363D2
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00C363DA
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                          • Part of subcall function 00C38190: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00C381D8
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                                                                                        • String ID: SysTabControl32$TabHost
                                                                                                                                                                        • API String ID: 2359350451-2872506973
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(6C34C19C,6C34C19C,?), ref: 00C22BDF
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,6C34C19C,?), ref: 00C22BEC
                                                                                                                                                                        • KillTimer.USER32(?,00000001), ref: 00C22C34
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,?), ref: 00C22CC3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterInitializeKillLeaveTimer
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 3614119372-3261393531
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00DB4BA2: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BAD
                                                                                                                                                                          • Part of subcall function 00DB4BA2: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4BEA
                                                                                                                                                                        • LoadLibraryA.KERNEL32(Dbghelp.dll,SymFromAddr), ref: 00D23C7E
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00D23C85
                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 00D23C9C
                                                                                                                                                                          • Part of subcall function 00DB4B58: EnterCriticalSection.KERNEL32(00EC7FD8,?,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B62
                                                                                                                                                                          • Part of subcall function 00DB4B58: LeaveCriticalSection.KERNEL32(00EC7FD8,?,00C09DD7,00EC8C04,00E37520), ref: 00DB4B95
                                                                                                                                                                          • Part of subcall function 00DB4B58: RtlWakeAllConditionVariable.NTDLL ref: 00DB4C0C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$AddressConditionInit_thread_footerLibraryLoadProcVariableWake
                                                                                                                                                                        • String ID: Dbghelp.dll$SymFromAddr
                                                                                                                                                                        • API String ID: 3268644551-642441706
                                                                                                                                                                        APIs
                                                                                                                                                                        • SleepConditionVariableCS.KERNELBASE(?,00DB4BC7,00000064), ref: 00DB4C4D
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC7FD8,?,?,00DB4BC7,00000064,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4C57
                                                                                                                                                                        • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00DB4BC7,00000064,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4C68
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC7FD8,?,00DB4BC7,00000064,?,00C09D66,00EC8C04,6C34C19C,?,?,00DDCC0D,000000FF,?,00D5985C,6C34C19C), ref: 00DB4C6F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 3269011525-3261393531
                                                                                                                                                                        APIs
                                                                                                                                                                        • CoInitializeEx.COMBASE(00000000,00000000), ref: 00C459C9
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,00000000), ref: 00C45ACB
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000), ref: 00C45AD1
                                                                                                                                                                        • GetProcessHeap.KERNEL32(?,00000000), ref: 00C45B4A
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,?,00000000), ref: 00C45B50
                                                                                                                                                                        • CoUninitialize.COMBASE ref: 00C45CA7
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$FreeProcess$InitializeUninitialize
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 4239879612-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDC.USER32(00000001), ref: 00C226C2
                                                                                                                                                                        • GetParent.USER32(00000001), ref: 00C226ED
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000138,?,00000001), ref: 00C226FD
                                                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 00C2270B
                                                                                                                                                                        • ReleaseDC.USER32(00000001,00000000), ref: 00C228E1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FillMessageParentRectReleaseSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2215362955-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowDC.USER32(?,6C34C19C,?,?,00000000,?,?,?,?,?,?,?,?,00000000,00E16F5D,000000FF), ref: 00CFB410
                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00CFB430
                                                                                                                                                                        • IsWindowEnabled.USER32(?), ref: 00CFB461
                                                                                                                                                                        • GetFocus.USER32 ref: 00CFB46F
                                                                                                                                                                        • DeleteDC.GDI32(?), ref: 00CFB585
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$DeleteEnabledFocusRect
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 733580484-0
                                                                                                                                                                        • Opcode ID: c588740c0b0ac45c95f0a3fcf3d678c8684e6ede0c65359e97831a6cd7434cf2
                                                                                                                                                                        • Instruction ID: 2b60b69800fe5a0bd5896d5f9ca5fd376b29b0474dd25becdb343d8c5c1c61ef
                                                                                                                                                                        • Opcode Fuzzy Hash: c588740c0b0ac45c95f0a3fcf3d678c8684e6ede0c65359e97831a6cd7434cf2
                                                                                                                                                                        • Instruction Fuzzy Hash: B1513471A04209EFDB24DFA5D948BEEBBF8EF08300F144169E556B7290DB75AA45CF20
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDC.USER32(?), ref: 00C1B31C
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00C1B32B
                                                                                                                                                                        • ReleaseDC.USER32(00000000), ref: 00C1B372
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CapsDeviceRelease
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 127614599-0
                                                                                                                                                                        • Opcode ID: c66e7c444562c6d6bb78c2d20a30c82f626c23714b400db893ff5709ae742e21
                                                                                                                                                                        • Instruction ID: 99e3c7846423876a52a39c03d5595faf12937712245f236f46b28bea627a3059
                                                                                                                                                                        • Opcode Fuzzy Hash: c66e7c444562c6d6bb78c2d20a30c82f626c23714b400db893ff5709ae742e21
                                                                                                                                                                        • Instruction Fuzzy Hash: 41513AB5904249DFDB10DFA9C848BAEBBF4EF09310F104129F965E7290D7349954DF60
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ItemMessageSendWindow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 799199299-0
                                                                                                                                                                        • Opcode ID: 76e0b4c8fe450c2d55ecd490587d5f0fac92d55cfce6605a1c9a23eecfac2ae0
                                                                                                                                                                        • Instruction ID: e2380dc77d5bfdad1cb3e839a0d1f5a126fd63e06a459d7fe756569cf062ec80
                                                                                                                                                                        • Opcode Fuzzy Hash: 76e0b4c8fe450c2d55ecd490587d5f0fac92d55cfce6605a1c9a23eecfac2ae0
                                                                                                                                                                        • Instruction Fuzzy Hash: 29410232340901DFE7148F19D894EA6B7A9FBC6351F14852AE596CA1A0C732ED91EB60
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00CFB60E
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • IsWindowEnabled.USER32(?), ref: 00CFB644
                                                                                                                                                                        • GetFocus.USER32 ref: 00CFB654
                                                                                                                                                                        • GetDC.USER32(?), ref: 00CFB684
                                                                                                                                                                          • Part of subcall function 00D20B20: SelectObject.GDI32(?,?), ref: 00D20B83
                                                                                                                                                                          • Part of subcall function 00D20B20: SetTextColor.GDI32(?,?), ref: 00D20BCF
                                                                                                                                                                          • Part of subcall function 00D20B20: SelectObject.GDI32(?,?), ref: 00D20BF9
                                                                                                                                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 00CFB6B3
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footerObjectSelectWindow$CallClientColorEnabledFocusHeapProcProcessRectText
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1237246694-0
                                                                                                                                                                        • Opcode ID: dda7a45ea337ebf638e9d484519862616af416f559758c905a2dc7c1c0fd09cd
                                                                                                                                                                        • Instruction ID: 210f871b5804fad2da4a13d2ed05ee668d4193adb0be7abd4195493a0e26572a
                                                                                                                                                                        • Opcode Fuzzy Hash: dda7a45ea337ebf638e9d484519862616af416f559758c905a2dc7c1c0fd09cd
                                                                                                                                                                        • Instruction Fuzzy Hash: 4F410871900209DFDB05DF65C985BEABBB4EF08310F148169E915AB2A2DB31AD54CF61
                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00D15644
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00D15666
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00D1568E
                                                                                                                                                                        • std::_Facet_Register.LIBCPMT ref: 00D15777
                                                                                                                                                                        • std::_Lockit::~_Lockit.LIBCPMT ref: 00D157A1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 459529453-0
                                                                                                                                                                        • Opcode ID: 59bdc828ca72246045d1b6ce61238185c2bfbc49e89cf3bf1c69a585f02ff26e
                                                                                                                                                                        • Instruction ID: a6f2eefd3e544d820a8799b62a4ea4fa9c6d3d2ed2696df428c5439a0219a326
                                                                                                                                                                        • Opcode Fuzzy Hash: 59bdc828ca72246045d1b6ce61238185c2bfbc49e89cf3bf1c69a585f02ff26e
                                                                                                                                                                        • Instruction Fuzzy Hash: 7F51BF71900645DFDB10CF58E885BEEBBF0FB41314F244159E845AB381DB79AA45CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • SetFocus.USER32(00000000,?,?), ref: 00C2EC18
                                                                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00C2EC60
                                                                                                                                                                        • SendMessageW.USER32(?,0000102C,000000FF,0000F000), ref: 00C2EC7C
                                                                                                                                                                        • SendMessageW.USER32(?,0000102B,000000FF,?), ref: 00C2ECAE
                                                                                                                                                                        • SetFocus.USER32(00000000,?,?), ref: 00C2ECC1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$Focus
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3982298024-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00C0F27A
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 00C0F280
                                                                                                                                                                        • FormatMessageW.KERNEL32(00001300,00000000,?,00000400,00000000,00000000,00000000), ref: 00C0F2A3
                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00DDE1F6,000000FF), ref: 00C0F2CB
                                                                                                                                                                        • HeapFree.KERNEL32(00000000,00000000,00000000,?,?,?,00DDE1F6,000000FF), ref: 00C0F2D1
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Heap$FreeProcess$FormatMessage
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1606019998-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00C271BB
                                                                                                                                                                        • SendMessageW.USER32(?,?,?,0000102B), ref: 00C27218
                                                                                                                                                                        • SendMessageW.USER32(?,?,?,0000102B), ref: 00C27267
                                                                                                                                                                        • SendMessageW.USER32(?,00001043,00000000,00000000), ref: 00C27278
                                                                                                                                                                        • SendMessageW.USER32(?,00001013,00000000,00000000), ref: 00C27285
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$LongWindow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 312131281-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(?,6C34C19C,?,00000010,?), ref: 00D3CF2A
                                                                                                                                                                          • Part of subcall function 00D1CF90: GetCurrentProcess.KERNEL32 ref: 00D1CFD8
                                                                                                                                                                          • Part of subcall function 00D1CF90: OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 00D1CFE5
                                                                                                                                                                          • Part of subcall function 00D1CF90: GetLastError.KERNEL32 ref: 00D1CFEF
                                                                                                                                                                          • Part of subcall function 00D1CF90: CloseHandle.KERNEL32(00000000), ref: 00D1D0D0
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                          • Part of subcall function 00C092A0: FindResourceW.KERNEL32(00000000,?,00000006,?,?,*.*,8007000E,80004005,00C21134,00000000,?,00000010,?,*.*,?,80070057), ref: 00C092C3
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Process$Init_thread_footer$CloseCurrentErrorFindHandleHeapLastOpenPathResourceToken
                                                                                                                                                                        • String ID: Extraction path set to:$[WindowsVolume]$\\?\
                                                                                                                                                                        • API String ID: 699919280-3538578949
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowExW.USER32(?,RichEdit20W,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00C3371C
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000031,00000000,00000000), ref: 00C33731
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 00C33739
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$AllocateCreateHeapWindow
                                                                                                                                                                        • String ID: RichEdit20W
                                                                                                                                                                        • API String ID: 2359350451-4173859555
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                          • Part of subcall function 00CFA0B0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00C266F8,00000000,80004005), ref: 00CFA118
                                                                                                                                                                          • Part of subcall function 00CFA0B0: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00C266F8,00000000,80004005), ref: 00CFA129
                                                                                                                                                                          • Part of subcall function 00CFA0B0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00CFA148
                                                                                                                                                                        • SendMessageW.USER32(?,00001036,00000004,00000004), ref: 00C2DA2D
                                                                                                                                                                        • SendMessageW.USER32(?,00001036,00000400,00000400), ref: 00C2DA44
                                                                                                                                                                        • SendMessageW.USER32(?,00001061,00000000,?), ref: 00C2DAA0
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$Window$AllocateHeapRedraw
                                                                                                                                                                        • String ID: QuickSelectionList
                                                                                                                                                                        • API String ID: 884508843-3633591268
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,6C34C19C,74DEF530,00000000), ref: 00D4E3F2
                                                                                                                                                                        • CloseHandle.KERNEL32(?,6C34C19C,00000000,?,00000000,00E25F93,000000FF,?), ref: 00D4E570
                                                                                                                                                                        • CloseHandle.KERNEL32(?,6C34C19C,00000000,?,00000000,00E25F93,000000FF,?), ref: 00D4E59F
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CloseHandle$FileModuleName
                                                                                                                                                                        • String ID: LOG
                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryW.KERNEL32(combase.dll,RoOriginateLanguageException), ref: 00C0F642
                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,combase.dll), ref: 00C0F648
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                                                        • String ID: RoOriginateLanguageException$combase.dll
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,?,00D4F23A,?,6C34C19C,?,?,?,?,00E262A5,000000FF), ref: 00D514ED
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00D4F23A,?,6C34C19C,?,?,?,?,00E262A5,000000FF,?), ref: 00D5150E
                                                                                                                                                                        • GetLastError.KERNEL32(?,6C34C19C,?,?,?,?,00E262A5,000000FF,?,00D4EB6D,?,?,00000000,?,?), ref: 00D5156E
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateEvent$ErrorLast
                                                                                                                                                                        • String ID: AdvancedInstaller
                                                                                                                                                                        APIs
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(00EC957C), ref: 00C1835C
                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00C18370
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(00EC957C), ref: 00C183AF
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$CurrentEnterLeaveThread
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetParent.USER32(00000005), ref: 00C27784
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Parent
                                                                                                                                                                        • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$DX$d
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ActiveWindow
                                                                                                                                                                        • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$DX$d
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ActiveWindow
                                                                                                                                                                        • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$DX$d
                                                                                                                                                                        • API String ID: 2558294473-825145886
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetParent.USER32(0000000D), ref: 00C2785C
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Parent
                                                                                                                                                                        • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$DX$d
                                                                                                                                                                        • API String ID: 975332729-1206192860
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ActiveWindow
                                                                                                                                                                        • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$DX$d
                                                                                                                                                                        • API String ID: 2558294473-825145886
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ActiveWindow
                                                                                                                                                                        • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$DX$d
                                                                                                                                                                        • API String ID: 2558294473-825145886
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Cnd_broadcastCurrentMtx_unlockThread
                                                                                                                                                                        • String ID: Pz
                                                                                                                                                                        • API String ID: 2021000804-2390790901
                                                                                                                                                                        APIs
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,00DB93DD,?,?,00000000,?,?,?,00DB9507,00000002,FlsGetValue,00E3B154,00E3B15C), ref: 00DB9439
                                                                                                                                                                        • GetLastError.KERNEL32(?,00DB93DD,?,?,00000000,?,?,?,00DB9507,00000002,FlsGetValue,00E3B154,00E3B15C,?,?,00DB6324), ref: 00DB9443
                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 00DB946B
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                        • API String ID: 3177248105-2084034818
                                                                                                                                                                        APIs
                                                                                                                                                                        • SendMessageW.USER32(?,00001037,00000000,00000000), ref: 00C266A8
                                                                                                                                                                        • SendMessageW.USER32(?,00001036,00000000,00000000), ref: 00C266BD
                                                                                                                                                                          • Part of subcall function 00C09980: RtlAllocateHeap.NTDLL(?,00000000,?,6C34C19C,00000000,00DDC6B0,000000FF,?,?,00EBC42C,?,00D598B8,80004005,6C34C19C), ref: 00C099CA
                                                                                                                                                                          • Part of subcall function 00CFA0B0: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000037,?,?,?,000000EF,?,00C266F8,00000000,80004005), ref: 00CFA118
                                                                                                                                                                          • Part of subcall function 00CFA0B0: RedrawWindow.USER32(?,00000000,00000000,00000541,?,?,?,000000EF,?,00C266F8,00000000,80004005), ref: 00CFA129
                                                                                                                                                                          • Part of subcall function 00CFA0B0: SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00CFA148
                                                                                                                                                                        • SendMessageW.USER32(?,0000101C,00000000,00000000), ref: 00C267F3
                                                                                                                                                                        • SendMessageW.USER32(?,00001061,00000000,00000005), ref: 00C268EF
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$Window$AllocateHeapRedraw
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 884508843-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • SysAllocStringLen.OLEAUT32(00000000,?), ref: 00C14A9A
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C14AE6
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C14B08
                                                                                                                                                                        • SysFreeString.OLEAUT32(00000000), ref: 00C14C63
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: String$Free$Alloc
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 986138563-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • SendMessageW.USER32(00000001,0000110A,00000004,?), ref: 00C30125
                                                                                                                                                                        • SendMessageW.USER32(00000001,0000110A,00000001,00000000), ref: 00C30157
                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000004,?), ref: 00C302CE
                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000001,00000000), ref: 00C302F6
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetActiveWindow.USER32 ref: 00D2AC21
                                                                                                                                                                        • GetForegroundWindow.USER32(?,00D330B9), ref: 00D2AC31
                                                                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00D2AC6B
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(?,6C34C19C,?,?,?,000000FF,?,00D330B9,?), ref: 00D2ACBF
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Window$ForegroundInit_thread_footer$ActiveDebugHeapOutputProcessString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1401059542-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetClientRect.USER32(?,00000000), ref: 00C1F2F9
                                                                                                                                                                        • GetParent.USER32(?), ref: 00C1F319
                                                                                                                                                                        • SendMessageW.USER32(00000000,00000135,?,?), ref: 00C1F329
                                                                                                                                                                        • FillRect.USER32(?,00000000,00000000), ref: 00C1F337
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Rect$ClientFillMessageParentSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 425900729-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C1D5A8
                                                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00C1D5BB
                                                                                                                                                                        • VariantClear.OLEAUT32(00000000), ref: 00C1D5DD
                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 00C1D60E
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ClearVariant$AllocString
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2502263055-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetShortPathNameW.KERNEL32(6C34C19C,00000000,00000000), ref: 00D32070
                                                                                                                                                                        • GetShortPathNameW.KERNEL32(?,80004005,?), ref: 00D320DE
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000,00000000,00000000,?), ref: 00D3212E
                                                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000003,00000000,?,000000FF,?,-00000001,00000000,00000000), ref: 00D32164
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiNamePathShortWide
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3379522384-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,6C34C19C), ref: 00D4AD66
                                                                                                                                                                        • _wcsrchr.LIBVCRUNTIME ref: 00D4AD90
                                                                                                                                                                        • RegQueryValueExW.ADVAPI32(00000000,6C34C19C,00000000,00000000,00000000,00000000,6C34C19C,00000001,?,00000000,00000000), ref: 00D4AE13
                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00D4AE5F
                                                                                                                                                                          • Part of subcall function 00D4AC10: RegOpenKeyExW.ADVAPI32(00000000,6C34C19C,00000000,00020019,00000002,6C34C19C,00000001,00000010,00000002,00D49F3C,6C34C19C,00000000,00000000), ref: 00D4ACAC
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Close$OpenQueryValue_wcsrchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 213811329-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • SendMessageW.USER32(?,000000C5,?,00000000), ref: 00C3383B
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C3386D
                                                                                                                                                                        • GetDC.USER32(?), ref: 00C33880
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000), ref: 00C33887
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CapsClientDeviceMessageRectSend
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3507044913-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetClientRect.USER32(?,?), ref: 00C1FDA9
                                                                                                                                                                        • GetLastError.KERNEL32 ref: 00C1FDDD
                                                                                                                                                                        • SendMessageW.USER32(?,00000317,00000000,00000006), ref: 00C1FE09
                                                                                                                                                                        • SendMessageW.USER32(?,00000318,?,00000006), ref: 00C1FE67
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: MessageSend$ClientErrorLastRect
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2591167063-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00D64C9A
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D64CAD
                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00D64D07
                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D64D1A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CapsDevice
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 328075279-0
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Focus$ChildWindow
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 501040988-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(?,6C34C19C), ref: 00C22A3A
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,6C34C19C), ref: 00C22A47
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00C22A98
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 3991485460-3261393531
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(?,6C34C19C), ref: 00C22B2A
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,6C34C19C), ref: 00C22B37
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00C22B7E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 3991485460-3261393531
                                                                                                                                                                        APIs
                                                                                                                                                                        • ResetEvent.KERNEL32(?,?,?,00D52422,?,?,?,?,?,00000003,00000000,6C34C19C,00000000), ref: 00D53002
                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00D52422,?,?,?,?,?,00000003,00000000,6C34C19C,00000000), ref: 00D5302F
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,?,?,00D52422,?,?,?,?,?,00000003,00000000,6C34C19C,00000000), ref: 00D53065
                                                                                                                                                                        • SetEvent.KERNEL32(?,?,?,?,00D52422,?,?,?,?,?,00000003,00000000,6C34C19C,00000000), ref: 00D53088
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$ErrorLastObjectResetSingleWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 708712559-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • InitializeCriticalSection.KERNEL32(?,6C34C19C,?), ref: 00C2296D
                                                                                                                                                                        • EnterCriticalSection.KERNEL32(?,6C34C19C,?), ref: 00C2297A
                                                                                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 00C229A2
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CriticalSection$EnterInitializeLeave
                                                                                                                                                                        • String ID: v
                                                                                                                                                                        • API String ID: 3991485460-3261393531
                                                                                                                                                                        APIs
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,?,6C34C19C,?,?,00000000,00DDC4E0,000000FF,00000000,00D5ED98,00000000,C000008C,00000001,00000000,?), ref: 00D5EDE7
                                                                                                                                                                        • GetExitCodeThread.KERNEL32(00000000,6C34C19C,?,?,00000000,00DDC4E0,000000FF,00000000,00D5ED98,00000000,C000008C,00000001,00000000,?,?,?), ref: 00D5EE01
                                                                                                                                                                        • TerminateThread.KERNEL32(00000000,00000000,?,?,00000000,00DDC4E0,000000FF,00000000,00D5ED98,00000000,C000008C,00000001,00000000,?,?,?), ref: 00D5EE19
                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000000,00DDC4E0,000000FF,00000000,00D5ED98,00000000,C000008C,00000001,00000000,?,?,?,80004005), ref: 00D5EE22
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Thread$CloseCodeExitHandleObjectSingleTerminateWait
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3774109050-0
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateEventExW.KERNEL32(00000000,00000000,00000001,001F0003,?,?,?,6C34C19C), ref: 00C0B448
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00C0B49E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateEventObjectSingleWait
                                                                                                                                                                        • String ID: .appinstaller
                                                                                                                                                                        • API String ID: 2678385144-3071040812
                                                                                                                                                                        APIs
                                                                                                                                                                        • CreateWindowExW.USER32(00000000,AtlAxWin140,?,?,?,80000000,00000000,00000000,?,00000000,00000000), ref: 00C130D6
                                                                                                                                                                        • SendMessageW.USER32(?,00000000,00000000), ref: 00C131D2
                                                                                                                                                                          • Part of subcall function 00C14BC0: SysFreeString.OLEAUT32(00000000), ref: 00C14C63
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        • Associated: 00000000.00000002.2085004449.0000000000C00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085230046.0000000000E39000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085306807.0000000000EC1000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085447770.0000000000EC6000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085475566.0000000000EC7000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                        • Associated: 00000000.00000002.2085507674.0000000000ECA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateFreeMessageSendStringWindow
                                                                                                                                                                        • String ID: AtlAxWin140
                                                                                                                                                                        • API String ID: 4045344427-3842940177
                                                                                                                                                                        • Opcode ID: b1bb2e8cdb584e7a10b130982dd2cb8dea0fbbd430642ce42b3b7b45a89a77fe
                                                                                                                                                                        • Instruction ID: 9248bebc8d6d5891d10dcdb7aa128be5a5bcb8cf969f88369cf1b32e3de0b0af
                                                                                                                                                                        • Opcode Fuzzy Hash: b1bb2e8cdb584e7a10b130982dd2cb8dea0fbbd430642ce42b3b7b45a89a77fe
                                                                                                                                                                        • Instruction Fuzzy Hash: 8D913774600204EFDB14DF68C888F9ABBB9FF49714F2085A8F8299B391C771EA45DB50
                                                                                                                                                                        APIs
                                                                                                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 00DC87AD
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorHandling__start
                                                                                                                                                                        • String ID: pow
                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                        • Opcode ID: 31b6c0a103ef520e36e2beebd547a002949384708aa0d645ad6f300fd4b95c0c
                                                                                                                                                                        • Instruction ID: f56e9038b987da85c92b67f8ee69436f0c10407317985c820fcb4e4df62a490d
                                                                                                                                                                        • Opcode Fuzzy Hash: 31b6c0a103ef520e36e2beebd547a002949384708aa0d645ad6f300fd4b95c0c
                                                                                                                                                                        • Instruction Fuzzy Hash: 635109719082079ACB217714DD05F7A6B94DB60700F38496EE0E5433E9FE35CC95AA76
                                                                                                                                                                        APIs
                                                                                                                                                                        • PathIsUNCW.SHLWAPI(?,6C34C19C), ref: 00D0D671
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Path
                                                                                                                                                                        • String ID: \\?\$\\?\UNC\
                                                                                                                                                                        • API String ID: 2875597873-3019864461
                                                                                                                                                                        • Opcode ID: 97e2414d3221f96afda021b1a2156e516d23ed221f956e794b215a119fc6985f
                                                                                                                                                                        • Instruction ID: d6870e7cc9c426c3faa5b0c01d1eaade353c5c06d3e76fc54489e61038fbc6b0
                                                                                                                                                                        • Opcode Fuzzy Hash: 97e2414d3221f96afda021b1a2156e516d23ed221f956e794b215a119fc6985f
                                                                                                                                                                        • Instruction Fuzzy Hash: 4861D3B09002049BDB14DFA8D885BAEB7F6FF84304F10851DE45AA72C1DB75A944CBB1
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • CloseHandle.KERNEL32(?,6C34C19C,000000C9,00000000), ref: 00D4CD13
                                                                                                                                                                        • DeleteCriticalSection.KERNEL32(?,6C34C19C,000000C9,00000000), ref: 00D4CDA1
                                                                                                                                                                        Strings
                                                                                                                                                                        • << Advanced Installer (x86) Log >>, xrefs: 00D4CC7F
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$CloseCriticalDeleteHandleHeapProcessSection
                                                                                                                                                                        • String ID: << Advanced Installer (x86) Log >>
                                                                                                                                                                        • API String ID: 3699736680-396061572
                                                                                                                                                                        • Opcode ID: 7df96e9f9ccd58a03a7d6e6f601fc3efbde28b90269d8c3cc792adb07a8ae67c
                                                                                                                                                                        • Instruction ID: 6343d5312d737f52e3784574a05fba790b13f9a621a97bda52fb43933bc38d3e
                                                                                                                                                                        • Opcode Fuzzy Hash: 7df96e9f9ccd58a03a7d6e6f601fc3efbde28b90269d8c3cc792adb07a8ae67c
                                                                                                                                                                        • Instruction Fuzzy Hash: AB61CF70901685DFDB01CF6DC949B5EBBF0EF85314F1482ADE404AB792DB769A09CB90
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C09CC0: GetProcessHeap.KERNEL32 ref: 00C09D15
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09D47
                                                                                                                                                                          • Part of subcall function 00C09CC0: __Init_thread_footer.LIBCMT ref: 00C09DD2
                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,FTP Server,0000000A), ref: 00D53194
                                                                                                                                                                        • WaitForSingleObject.KERNEL32(?,0000000A,?,00000000,FTP Server,0000000A), ref: 00D531CD
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Init_thread_footer$ErrorHeapLastObjectProcessSingleWait
                                                                                                                                                                        • String ID: REST %u
                                                                                                                                                                        • API String ID: 1670056567-3183379045
                                                                                                                                                                        • Opcode ID: ab03ee1290c8acad1b63cd37f27a9449692cae768dd5e5b959a3f3187b28b535
                                                                                                                                                                        • Instruction ID: 4acbd2fbed5ad92c2339bbf3718097c6edabb5ef0f02f279ef305136281f6400
                                                                                                                                                                        • Opcode Fuzzy Hash: ab03ee1290c8acad1b63cd37f27a9449692cae768dd5e5b959a3f3187b28b535
                                                                                                                                                                        • Instruction Fuzzy Hash: BF510431600B049FDB20CB69CC44B5AB7E4FF41365F184628EC56DB6A1DB71EE48CB60
                                                                                                                                                                        APIs
                                                                                                                                                                        • OpenEventW.KERNEL32(00000000,00000000,00000000,_pbl_evt,00000008,?,?,00E5BE58,00000001,6C34C19C,00000000), ref: 00D6F9AE
                                                                                                                                                                        • CreateEventW.KERNEL32(00000000,00000001,00000001,?), ref: 00D6F9CB
                                                                                                                                                                        Strings
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$CreateOpen
                                                                                                                                                                        • String ID: _pbl_evt
                                                                                                                                                                        • API String ID: 2335040897-4023232351
                                                                                                                                                                        • Opcode ID: 87c541d18a3d402566fa42773fea2df89fe33013dcde4b3420597ce6bdcd90cd
                                                                                                                                                                        • Instruction ID: 131796fd8468344a20f50b30e02840941cfdf87a0f6cde97efe05e4f410dc944
                                                                                                                                                                        • Opcode Fuzzy Hash: 87c541d18a3d402566fa42773fea2df89fe33013dcde4b3420597ce6bdcd90cd
                                                                                                                                                                        • Instruction Fuzzy Hash: D5517C71D10618EFDB14DFA8D946BEEB7B4EF09714F108269E915B72C0EB746A04CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?,6C34C19C,?,?,00EC9384), ref: 00D4DF1F
                                                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,00EC9384), ref: 00D4DF80
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CreateDirectoryPathTemp
                                                                                                                                                                        • String ID: ADVINST_LOGS
                                                                                                                                                                        • API String ID: 2885754953-2492584244
                                                                                                                                                                        • Opcode ID: ade88abf570244316147a5cebcfa069ac3654d2903609c25283d6d620371dd0b
                                                                                                                                                                        • Instruction ID: 340720b4416ba12dd1a312c553a5c4ee4b1935a684d5997536139ba230a8f82a
                                                                                                                                                                        • Opcode Fuzzy Hash: ade88abf570244316147a5cebcfa069ac3654d2903609c25283d6d620371dd0b
                                                                                                                                                                        • Instruction Fuzzy Hash: 5D51E675900259DBCF309F28C8447BAB3F4FF14714F1846AEE85A97291EB749D85CBA0
                                                                                                                                                                        APIs
                                                                                                                                                                        • FormatMessageW.KERNEL32(000013FF,00000000,?,00000000,00000000,00000000,00000000,6C34C19C,00E5B190), ref: 00D23678
                                                                                                                                                                        • LocalFree.KERNEL32(00000000,00000000,-00000002), ref: 00D23782
                                                                                                                                                                          • Part of subcall function 00D13110: std::locale::_Init.LIBCPMT ref: 00D131ED
                                                                                                                                                                          • Part of subcall function 00D10BA0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00D10C75
                                                                                                                                                                        Strings
                                                                                                                                                                        • Failed to get Windows error message [win32 error 0x, xrefs: 00D23696
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: FormatFreeInitIos_base_dtorLocalMessagestd::ios_base::_std::locale::_
                                                                                                                                                                        • String ID: Failed to get Windows error message [win32 error 0x
                                                                                                                                                                        • API String ID: 1983821583-3373098694
                                                                                                                                                                        • Opcode ID: 5d42f561fed21a83cca09630a53d3a4b16ee16ecb471ee194fc423fa114aaf73
                                                                                                                                                                        • Instruction ID: 108482dcb871549371fe970e9d90c27c7b9ca3c83e619d4f58f8a41b3d1bad75
                                                                                                                                                                        • Opcode Fuzzy Hash: 5d42f561fed21a83cca09630a53d3a4b16ee16ecb471ee194fc423fa114aaf73
                                                                                                                                                                        • Instruction Fuzzy Hash: 114191B0A003199BDB10DF68D909BAFBBF8FF44704F144559E455EB290D7B8AB48CBA1
                                                                                                                                                                        APIs
                                                                                                                                                                        • std::_Lockit::_Lockit.LIBCPMT ref: 00C4532B
                                                                                                                                                                        • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00C4538E
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                        • String ID: bad locale name
                                                                                                                                                                        • API String ID: 3988782225-1405518554
                                                                                                                                                                        • Opcode ID: 90433fd7cb829464312b5cb687e3c755582a6c39aa6a44780f70f3bc3702b312
                                                                                                                                                                        • Instruction ID: 67848f022ee868655eacac11279da2b0c50b94fbac42e4023aebdeefc468c842
                                                                                                                                                                        • Opcode Fuzzy Hash: 90433fd7cb829464312b5cb687e3c755582a6c39aa6a44780f70f3bc3702b312
                                                                                                                                                                        • Instruction Fuzzy Hash: 7621E070A05B84DFD720CF69C90475ABBF4AF15300F14869DE45597B82D3B5AA08C7A1
                                                                                                                                                                        APIs
                                                                                                                                                                        • GetParent.USER32(00000013), ref: 00C278F6
                                                                                                                                                                        Strings
                                                                                                                                                                        • Unknown exception, xrefs: 00C278CB
                                                                                                                                                                        • C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h, xrefs: 00C278DB
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Parent
                                                                                                                                                                        • String ID: C:\ReleaseAI\stubs\setup\controls\generic\VisualStyleBorder.h$Unknown exception
                                                                                                                                                                        • API String ID: 975332729-9186675
                                                                                                                                                                        • Opcode ID: b5f9c342cb469abedd440cc6068ea99955296f8ffbca4a496fa3d83f502edc3a
                                                                                                                                                                        • Instruction ID: b39c9011b31806e31c16dbd89a5513ef47958f35ce1d884f37dcca08e7a6ccc1
                                                                                                                                                                        • Opcode Fuzzy Hash: b5f9c342cb469abedd440cc6068ea99955296f8ffbca4a496fa3d83f502edc3a
                                                                                                                                                                        • Instruction Fuzzy Hash: 0E016130D05348EFDF04DBE4D919ADDBBB0AF55300F548198E4017B296DBB55E08EB91
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • Unknown exception, xrefs: 00C12C0E
                                                                                                                                                                        • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00C12C21
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ActiveWindow
                                                                                                                                                                        • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                                                                                        • API String ID: 2558294473-2631306498
                                                                                                                                                                        • Opcode ID: f861ec29a5f277ad928f24053154c661c099a3eb95e568fff0756bd04dca1086
                                                                                                                                                                        • Instruction ID: c10ec7cd216d710800fce3b29cdaea8cbb62aed2605bd82762d22379ede727e6
                                                                                                                                                                        • Opcode Fuzzy Hash: f861ec29a5f277ad928f24053154c661c099a3eb95e568fff0756bd04dca1086
                                                                                                                                                                        • Instruction Fuzzy Hash: 83018030D05388EBDF05EBE8C9156DDBFB0AF56304F548198D0017B296DBB45A08E792
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        • Unknown exception, xrefs: 00C1281A
                                                                                                                                                                        • C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp, xrefs: 00C1282A
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ActiveWindow
                                                                                                                                                                        • String ID: C:\ReleaseAI\platform\ui\controls\mshtml\GenericAxControl.cpp$Unknown exception
                                                                                                                                                                        APIs
                                                                                                                                                                          • Part of subcall function 00C19260: InitializeCriticalSectionAndSpinCount.KERNEL32(00EC7F5C,00000000,6C34C19C,00C00000,Function_001DC6B0,000000FF,?,00DB3EF0,?,?,?,00C06508), ref: 00C19285
                                                                                                                                                                          • Part of subcall function 00C19260: GetLastError.KERNEL32(?,00DB3EF0,?,?,?,00C06508), ref: 00C1928F
                                                                                                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,00C06508), ref: 00DB3EF4
                                                                                                                                                                        • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00C06508), ref: 00DB3F03
                                                                                                                                                                        Strings
                                                                                                                                                                        • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00DB3EFE
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.2085031859.0000000000C01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C00000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_c00000_Installer eSPT Masa PPh versi 2.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CountCriticalDebugDebuggerErrorInitializeLastOutputPresentSectionSpinString
                                                                                                                                                                        • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule